Japan and India seeing highest cybercrime activity in APAC: Microsoft Digital Defense 2025 report
Government agencies and services as well as IT companies are also the sectors most targeted by cyberthreats in 2025.
According to Microsoft’s Digital Defense Report 2025, nation-state threat actors have evolved their cyber and influence operations. Leveraging AI, nation-state actors remain focused on intelligence collection and public perception manipulation, shaping conflict narratives and flooding the information space with synthetic media to desensitize audiences and exhaust detection systems.
Amy Hogan-Burney, Corporate Vice President, Customer Security & Trust at Microsoft, explained in a blog post that “threat actors are using AI to boost their attacks by automating phishing, scaling social engineering, creating synthetic media, finding vulnerabilities faster, and creating malware that can adapt itself. Nation-state actors, too, have continued to incorporate AI in their cyber influence operations. This activity has picked up in the past six months as actors use the technology to make their efforts more advanced, scalable, and targeted.”
Looking at cybercrime activity in the region, Japan and India recorded the most cybercrime activity in APAC, with the Philippines the most targeted ASEAN nation in 7th place. Malaysia, Singapore and Vietnam are also among the top 10 countries in APAC affected by increasing cybercrime.
Interestingly, the report revealed that cyberattacks remain by and large financially motivated, with extortion, ransomware, and data theft as the primary attack motivations. Espionage accounts for only 4% of attacks. Government agencies and services as well as IT companies are also the sectors most targeted by cyberthreats in 2025.
While espionage only accounted for 4% of cyberattacks, Hogan-Burney pointed out that nation-state actors still target key industries and regions, expanding their focus on espionage, and in some cases on financial gain. She highlighted geopolitical objectives driving a surge in state-sponsored cyber activity, with a notable expansion in targeting communications, research and academia.
For example, she stated that China is continuing its broad push across industries to conduct espionage and steal sensitive data, and has also become faster at operationalizing newly disclosed vulnerabilities. She added that Iran is going after a wider range of targets than ever before, from the Middle East to North America, as part of broadening espionage operations, while Russia has expanded its targets and North Korea has remained focused on revenue generation and espionage.
“Amid the growing sophistication of cyber threats, one statistic stands out: more than 97% of identity attacks are password attacks. In the first half of 2025 alone, identity-based attacks surged by 32%. That means the vast majority of malicious sign-in attempts an organization might receive are via large-scale password guessing attempts. Attackers get usernames and passwords (‘credentials’) for these bulk attacks by and large from credential leaks,” said Hogan-Burney.
She also highlighted the surge in the use of infostealer malware by cybercriminals. Infostealers can secretly gather credentials and information about online accounts, such as browser session tokens, at scale. Hogan-Burney said cybercriminals can then buy this stolen information on cybercrime forums, making it easy for anyone to access accounts for purposes such as the delivery of ransomware.
In mid-2025, Microsoft’s Digital Crimes Unit, working with the U.S. Department of Justice, Europol, and Japan’s Cybercrime Control Center, carried out a landmark disruption operation against Lumma Stealer, the most prevalent infostealer observed between October 2024 and October 2025. The sophisticated malware-as-a-service (MaaS) platform retrieves sensitive data from various browsers and applications, such as cryptocurrency wallets, which is then sold to access brokers through dark web forums and Telegram channels. Over 2,300 malicious domains were seized or blocked, cutting off Lumma’s infrastructure and redirecting infected devices away from criminal control.
Despite this, organizations still need to take the strongest measures when it comes to their cybersecurity. As cybercriminals are leveraging AI, businesses also need to see how they can best boost their defenses.
“Defensive measures alone are not enough to deter nation-state adversaries. Governments must build frameworks that signal credible and proportionate consequences for malicious activity that violates international rules. Encouragingly, governments are increasingly attributing cyberattacks to foreign actors and imposing consequences such as indictments and sanctions. This growing transparency and accountability are important steps toward building collective deterrence. As digital transformation accelerates—amplified by the rise of AI—cyber threats pose risks to economic stability, governance, and personal safety. Addressing these challenges requires not only technical innovation but coordinated societal action,” she concluded.