The report calls on organizations to strengthen cyber resilience as AI-driven adversaries redefine the threat landscape.
CrowdStrike’s 2025 APJ eCrime Landscape Report uncovers a thriving underground cyber economy driven by Chinese-speaking actors and powered by artificial intelligence. Despite Beijing’s restrictions and eCrime crackdowns, anonymized marketplaces like Chang’an, FreeCity, and Huione Guarantee continue to flourish—fueling billions in illicit transactions across Asia Pacific and Japan (APJ). Before its 2025 disruption, Huione Guarantee alone processed an estimated USD 27 billion through criminal trades involving stolen credentials, phishing kits, and money-laundering services.
Meanwhile, AI is transforming the ransomware ecosystem. CrowdStrike intelligence reveals that AI-enhanced malware and automated attack workflows are accelerating the scale and speed of ransomware campaigns. Ransomware-as-a-Service (RaaS) operators such as KillSec and Funklocker executed over 120 high-profile attacks in 2025, particularly targeting manufacturing, technology, and financial sectors in India, Australia, and Japan.
The report also details sophisticated account takeover campaigns against Japanese trading platforms, where Chinese-speaking groups manipulated thinly traded stocks through coordinated phishing and fraud schemes. Infrastructure providers like CDNCLOUD, Magical Cat, and Graves International SMS have further industrialized these operations—offering phishing, hosting, and global spam services to the criminal ecosystem.
“eCrime actors are industrializing cybercrime across APJ through thriving underground markets and AI-developed malware,” said Adam Meyers, Head of Counter Adversary Operations, CrowdStrike. “Defenders must respond with the same pace—leveraging AI, human expertise, and unified defense strategies.”