-
Chinese-language cybercrime markets are booming on the dark web and encrypted apps, allowing hackers to openly trade stolen data and sell all kinds of hacking tools.
-
Ransomware attacks, powered by AI, are becoming more aggressive in Asia, with new groups like KillSec and Funklocker already behind more than 120 incidents.
-
Cybercrime services now look a lot like real business – they’ve got specialists for everything—bulletproof hosting, phishing-as-a-service, etc.
Cybercrime in Asia is leveling up fast. The old black markets are still around, but now they’re packed with new tactics. AI isn’t just a buzzword here—it’s powering a whole new wave of digital heists.
CrowdStrike just released a report that tells everything about this alarming development. The report tells how organized cybercriminals aren’t letting up; they’re all in and targeting Asia hard.
Chinese-Language Criminal Ecosystems Persist
Underground markets continue to fuel cybercrime across Asia-Pacific and Japan. Platforms like Chang’an, FreeCity, and Huione Guarantee are especially resilient.
They operate openly on the clearnet and darknet. They also use encrypted apps like Telegram.
These underground markets have pretty much everything – stolen logins, phishing kits, malware, you name it. Need to wash dirty money? They have laundering services ready to go, too.
This ecosystem enables highly organised fraud. The report uncovered one scheme in Japan. Chinese-speaking bad actors hijacked Japanese trading accounts.
They used these accounts to carry out pump-and-dump stock schemes. The attackers inflated low-volume China-based stocks. They then cashed out for massive profits.
Stolen data from these operations was sold on the Chang’an marketplace. This shows a tight, cross-platform criminal loop.
AI and Ransomware Escalate Threats
Cyber attackers are now using AI as a core tool. It powers “Big Game Hunting” ransomware campaigns. These campaigns target high-value organisations with precision.
CrowdStrike observed a sharp spike in AI-enhanced social engineering. Automated malware tools are picking up speed, too. The worst-hit countries? India, Australia, and Japan.
There’s also a wave of new ransomware gangs coming up fast. KillSec and Funklocker, for example, have been especially busy, running their attacks through a ransomware-as-a-service model.
This model lets less skilled attackers rent their malware. These two groups carried out over 120 incidents and named 763 victims on data leak sites.
The manufacturing, technology, and financial services sectors were attacked the most. This highlights a focus on disrupting critical industries.
Cybercrime Services Become Industrialised
The cybercrime world now mirrors legitimate business. It has specialised providers that support large-scale operations. This industrialisation makes attacks more efficient and widespread.
One service, CDNCLOUD, offers bulletproof hosting. This protects criminal sites from being taken down. Another, Magical Cat, provides phishing-as-a-service.
This simplifies running deceptive email campaigns. Graves International SMS provided global spam campaigns. These services help scale phishing and malware distribution.
Likely Chinese-speaking hackers are also deploying custom tools. They use remote-access trojans (RATs) like ChangemeRAT and ElseRAT. The WhiteFoxRAT is another common tool.
They spread these RATs through clever tricks. These include SEO poisoning and malvertising. Phishing emails disguised as purchase orders are also common.
These tactics mainly target Chinese- and Japanese-speaking users. The expansion and professionalisation of these services mean cyber threats will continue growing. The report suggests a tough road ahead for cybersecurity defenders.
