APT attacks on the rise in Asia Pacific
“Based on what we have seen over the past year, we believe that cyberattacks will most definitely continue to evolve and increase and increasingly target critical national infrastructure,” says Dmitry Volkov, Group-IB CEO.
According to Group-IB’s High Tech Crime Trends Report 2025, advanced persistent threats (APTs) remain a big problem for organizations around the world. In fact, the report revealed that APT attacks in 2024 increased a whopping 58% from the previous year, with governments being targeted the most.
While Europe recorded the most APT attacks, in Asia Pacific, the report revealed that Indonesia experienced the second-highest number of APT-related cyberattacks in 2024, accounting for 7% of all incidents in the region, while Malaysia made up 5%.
Apart from APT attacks, the report also revealed an increase in AI-powered cyberattacks, with deepfake services in social messaging apps surging 40%. Hacktivism activities also increased, with over 300 hacktivist groups launching cyberattacks last year. In the APAC region, there were 467 ransomware-related attacks recorded, with real estate, manufacturing, and financial services among the top targeted industries.
Looking at data leaks, in 2024, 1,107 instances of data leaks were detected globally, compromising over 6.4 billion user data strings. The leaked data, particularly email addresses, phone numbers, and passwords, poses significant risks as it can be exploited for various attacks. Of the leaked data, more than 6.5 billion entries included email addresses, of which 2.5 billion were unique. There were also nearly 456 million leaks involving passwords, and over 3.3 billion entries contained phone numbers.
Dmitry Volkov, Group-IB CEO, shared more with CRN Asia on the findings of the report as well as the role they are playing to keep countries and businesses safe.
How much impact will geopolitics have on APT attacks?
APTs are state-sponsored threat actors commonly tasked with the aim of advancing their nation or state’s agenda, or gaining an advantage over rival countries, and therefore we often see a surge in APT-related attacks, especially during periods of conflict.
In our High-Tech Crime Trends Report 2025, we highlighted ongoing conflicts between Russia and Ukraine, and Israel and Palestine, which have intensified APT activities, particularly in Europe, the Middle East, and Africa. Their targets are primarily government, military, and critical infrastructure sectors to gather intelligence, disrupt operations, or cause economic instability.
Are cybercriminals now feeling more fueled or hyped to launch more attacks on US allies as the Trump administration imposes tariffs and new policies that could impact most countries in Asia?
All cybercriminals are opportunists, regardless of times of peace or uncertainty. But based on what we have seen over the past year, we believe that cyberattacks will most definitely continue to evolve and increase and increasingly target critical national infrastructure.
In 2024, we detected 828 APT-related cyberattacks globally, a 58% increase over the past year, with almost 22% of the attacks focused on the Asia Pacific region. The attacks in the region targeted critical infrastructure, including government, military, education, financial services, transportation, information technology, and healthcare.
Furthermore, the Asia Pacific region continues to be a prime target for ransomware attacks. We identified 467 ransomware attacks in 2024 targeting the real estate, manufacturing, financial services, and healthcare sectors.
We believe that the complexities of geopolitical dynamics, combined with the region's economic and technological growth, will continue to make the Asia Pacific an attractive target for both financially motivated and state-sponsored cybercriminals.
Crypto remains a hotbed for cybercriminals. What else needs to be done to secure this space?
We believe that securing the cryptocurrency space requires a multi-faceted approach. As detailed in our report, we highlighted the growing challenge of how cybercriminals are increasingly using cryptocurrency to launder money and evade detection.
Strengthening Know Your Customer (KYC) and Anti-Money Laundering (AML) protocols, enhancing the security of cryptocurrency exchanges, and leveraging advanced analytics to track illicit transactions are critical measures. Additionally, conducting regular audits of protocols and infrastructure to detect potential vulnerabilities is crucial, as threat actors often exploit these weaknesses to manipulate cryptocurrencies.
Protecting both the users and the devices of cryptocurrency company employees is equally important, as they are frequently targeted by highly advanced threat actors. Furthermore, cross-border collaboration between cybersecurity firms, regulators, and law enforcement agencies can further enhance the ability to detect and prevent crypto-related cybercrime.
How much AI are cybercriminals relying on, especially when it comes to APT attacks?
AI has become a double-edged sword in the cyber threat landscape. Cybercriminals are increasingly utilizing AI to automate and enhance their attack methodologies. In APT scenarios, AI is used for automating phishing attacks, generating deepfake content for social engineering, and developing adaptive malware capable of evading traditional detection systems. To counter this, cybersecurity defenses must also incorporate AI-driven threat detection and response systems, along with continuous monitoring and adaptation to emerging AI-enabled threats.
Lastly, how is Group-IB working with regulators and law enforcement agencies to deal with the increasing attacks?
Since our founding, Group-IB has remained dedicated to supporting local and international law enforcement agencies in the battle against cybercrime. In 2024 alone, we played a pivotal role in contributing to eight major operations across more than 60 countries, leading to the arrest of 1,221 cybercriminals and the dismantling of over 207,000 malicious infrastructures.
With 11 Digital Crime Resistance Centers (DCRCs) strategically located in the Asia-Pacific, Central Asia, Middle East and Africa, Europe, and the Americas, we provide vital threat intelligence, investigative support, and technical expertise to bolster both local and global law enforcement initiatives.
As a trusted partner of INTERPOL, Europol, and AFRIPOL, we regularly share our knowledge and insights with these agencies, contributing to stronger regional and global cybersecurity frameworks.