CrowdStrike has released its 2025 APJ eCrime Landscape Report, revealing a thriving Chinese-language cybercrime ecosystem and a surge in AI-powered ransomware operations across Asia Pacific and Japan (APJ). Despite strict internet controls and law enforcement efforts in China, anonymised underground marketplaces remain central to the region’s cybercrime economy, enabling actors to trade stolen data, malware, and illicit services while evading oversight.
These marketplaces, operating across clearnet, darknet, and encrypted messaging platforms, have processed billions of dollars in criminal transactions. Among them is Huione Guarantee, which handled an estimated US$27 billion in illicit trades before being disrupted earlier this year. Other platforms, including Chang’an and FreeCity, continue to offer a safe haven for Chinese-speaking actors focused on maintaining operational security.
The report, based on intelligence from CrowdStrike’s team of threat hunters and analysts monitoring more than 265 adversary groups, paints a picture of an increasingly sophisticated and industrialised cybercrime ecosystem that shows no signs of slowing down.
AI accelerates the next wave of ransomware threats
Artificial intelligence is rapidly reshaping the ransomware landscape, enabling adversaries to accelerate every stage of the attack chain. From more convincing social engineering campaigns to automated malware development, AI is fuelling a new generation of attacks targeting high-value organisations across the region.
The report highlights a surge in so-called “Big Game Hunting” ransomware campaigns, particularly in India, Australia, and Japan. Ransomware-as-a-Service (RaaS) providers such as KillSec and Funklocker, which use AI to develop and deploy their malware, were responsible for over 120 incidents. Manufacturing, technology, and financial services companies were among the most frequently targeted, with 763 victims publicly named on dedicated leak sites.
“eCrime actors are industrialising cybercrime across APJ through thriving underground markets and complex ransomware operations. Simultaneously, AI-developed malware enables adversaries to launch high-velocity, high-volume attacks,” said Adam Meyers, head of counter adversary operations at CrowdStrike. “Defenders must meet this new pace of attack with decisive action, powered by AI, informed by human experience, and unified in response.”
Financial manipulation and expanding cybercrime services
The report also details how Chinese-speaking threat actors have exploited Japanese trading accounts in coordinated account takeover campaigns. These operations compromised users to manipulate the value of thinly traded China-based stocks through pump-and-dump schemes. Using shared phishing infrastructure, the attackers stole victim data and sold it on underground platforms such as Chang’an Marketplace.
The industrialisation of eCrime is further driven by specialised service providers offering tools and infrastructure to support large-scale operations. Providers such as CDNCLOUD supply bulletproof hosting services, while Magical Cat delivers phishing-as-a-service platforms and Graves International SMS offers global spam distribution. Together, these services contribute to the rapid scaling of phishing, malware delivery, and monetisation schemes.
Meanwhile, remote access tools (RATs) including ChangemeRAT, ElseRAT, and WhiteFoxRAT have been deployed against Chinese- and Japanese-speaking users. These tools are distributed through tactics such as SEO poisoning, malvertising, and phishing campaigns disguised as purchase orders, allowing attackers to gain persistent access to compromised systems.
A growing challenge for defenders
The findings of the 2025 APJ eCrime Landscape Report highlight the growing challenge for organisations and governments across the region. The combination of resilient underground marketplaces, the industrialisation of cybercrime services, and the rise of AI-enhanced ransomware is rapidly increasing the speed, scale, and impact of attacks.
As cybercriminal operations evolve, defenders are under pressure to respond with equally advanced strategies. The report underscores the need for AI-powered defences, collaboration across industries, and proactive threat intelligence to counter increasingly sophisticated adversaries.