CrowdStrike reports APAC cyber espionage campaigns up 200% year-on-year — state-sponsored actors targeting Singapore financial infrastructure, Japanese defence contractors, and South Korean semiconductor firms through AI-assisted spear phishing and supply chain attacks.
CrowdStrike's annual Global Threat Report documents a 200% year-on-year increase in APAC-targeted cyber espionage campaigns, with state-sponsored threat actors using AI-assisted techniques to conduct more targeted, higher-volume attacks against APAC financial services infrastructure, defence supply chains, and advanced technology manufacturers than previous years' manual spear phishing campaigns could sustain.
CrowdStrike's threat intelligence identifies three primary APAC target categories in the elevated espionage activity: Singapore's financial services sector — targeted for the combination of international capital flows, Southeast Asian corporate banking data, and the concentration of APAC regional financial decision-making in Singapore-domiciled institutions; Japanese defence contractors in the Mitsubishi, Kawasaki, and IHI supply chains — targeted for sensitive manufacturing specifications and defence technology data; and South Korean semiconductor manufacturers — targeted for chip design and manufacturing process intellectual property that represents significant economic value to state-sponsored actors.
The AI-assisted spear phishing techniques that CrowdStrike attributes to APAC-targeting threat actor groups represent a qualitative upgrade from previous generation phishing campaigns. AI-generated spear phishing emails now personalise attack content using publicly available information about the target's professional background, recent conference presentations, and LinkedIn activity — producing targeted messages that human recipients cannot reliably distinguish from legitimate professional correspondence. The volume and personalisation quality that AI enables allows threat actors to run simultaneous targeted campaigns against hundreds of APAC corporate targets rather than the dozens that manual phishing required.
For APAC CISOs and security teams, CrowdStrike's findings have specific operational implications: email security tools trained on previous-generation phishing patterns may miss AI-generated spear phishing that lacks the linguistic markers of conventional phishing; supply chain security assessments must account for supplier compromise as an initial access vector for APAC targeted attacks; and executive and board-level awareness of AI-assisted social engineering is required because technical email security controls alone are insufficient against highly personalised AI-generated spear phishing.
How AIMenta helps clients act on this
Where this story lands in our practice — explore the relevant service line and market.
Beyond this story
Cross-reference our practice depth.
News pieces sit on top of working capability. Browse the service pillars, industry verticals, and Asian markets where AIMenta turns these stories into engagements.
Other service pillars
By industry
Other Asian markets
Related stories
-
Partnership ·
Samsung and Anthropic Partner to Bring Claude Enterprise AI to Galaxy Commercial Devices for APAC B2B
Samsung and Anthropic announce enterprise partnership integrating Claude AI capabilities into Samsung Galaxy commercial device programs — enabling APAC B2B customers in manufacturing, logistics, and financial services to deploy on-device and cloud-hybrid AI processing for Korean-language workflows, enterprise document analysis, and field operations AI on Samsung Galaxy commercial hardware.
-
Open source ·
ByteDance Open-Sources Doubao-1.5 Multilingual Model Family for APAC Enterprise Deployment
ByteDance releases Doubao-1.5 open-source model family under Apache 2.0 licence — 7B and 32B parameter variants trained with comprehensive Japanese, Korean, Mandarin Chinese, and Indonesian multilingual data, with APAC enterprise benchmark results showing superior performance versus Llama 3.1 on Asian-language reasoning, document understanding, and code generation tasks.
-
Regulation ·
Japan FSA Finalises AI Model Risk Management Framework for Financial Institutions
Japan's Financial Services Agency finalises AI model risk management framework requiring Japanese financial institutions to document model validation processes, report AI-related incidents within 48 hours, and conduct annual AI system audits — applying to AI-assisted credit scoring, algorithmic trading, fraud detection, and customer service AI deployed by Japanese banks, insurers, and securities firms.
-
Company ·
Kakao Corp Spins Out KakaoAI as Independent APAC Enterprise AI Subsidiary
Kakao Corp spins out KakaoAI as an independent APAC enterprise AI subsidiary — combining KakaoAI's Korean-English bilingual LLM with Kakao's 46 million South Korean users to offer enterprise AI services to Korean conglomerates expanding into Southeast Asian markets.
-
Security ·
CISA and APAC Agencies Publish Joint AI Security Guidance for Critical Infrastructure Operators
CISA and APAC cybersecurity agencies publish AI system security guidance for critical infrastructure — covering adversarial ML attack vectors, AI model supply chain risks, and incident reporting timelines for AI-enabled attacks on APAC energy, water, and transport systems.