Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has released its annual High-Tech Crime Trends Report 2025. The findings reveal that cybercrime is no longer a collection of isolated incidents—it has evolved into a complex, self-sustaining chain reaction where regional threats, such as state-sponsored espionage, ransomware, underground marketplaces and AI-driven cybercrime, reinforce and accelerate one another.
Unraveling the Web of Cybercrime
Group-IB’s High-Tech Crime Trends Report reveals a 58% surge in Advanced Persistent Threat (APT) attacks between 2023 and 2024, with over 20% targeting the Asia-Pacific region. Indonesia experienced the second-highest number of APT-related cyberattacks in 2024, accounting for 7% of all incidents in the region, while Malaysia made up 5%. In May 2024, North Korean APT group Lazarus stole over US$308 million in cryptocurrency from Japan’s DMM platform. Meanwhile, newly emerged APT group DarkPink targeted government and military networks, stealing confidential documents, infecting USB devices, and accessing messaging applications on compromised machines.
Cybercriminals, such as APT groups, often gain entry to networks through Initial Access Brokers, who obtain unauthorized access and sell it on the dark web. In 2024, 3,055 corporate access listings sold by Initial Access Brokers were detected on dark web marketplaces, a 15% year-over-year increase, with 427 instances in the Asia-Pacific region. Indonesia, Thailand, and Singapore each accounted for 6% of these incidents.
Ransomware remains one of the most profitable forms of cybercrime, with attacks rising by 10% globally in 2024, fuelled by the Ransomware-as-a-Service (RaaS) model. The Asia-Pacific region recorded 467 ransomware-related attacks, with real estate, manufacturing, and financial services among the top targeted industries. Underground recruitment efforts for ransomware affiliates increased by 44%, further demonstrating the industrialization of cyber extortion.
Beyond financial extortion, ransomware attacks often result in significant data breaches. Last year alone, 5,066 ransomware incidents led to data leaks on Dedicated Leak Sites (DLS), exposing sensitive business and institutional data. A staggering 6.4 billion compromised records appeared on cybercriminal marketplaces, including email addresses, phone numbers, financial data, and passwords, fuelling cyber fraud, identity theft, and secondary attacks.
Among these, more than 6.5 billion leaked entries contained email addresses, over 3.3 billion included phone numbers, and 460 million passwords were exposed. Indonesia and Thailand ranked among the top 10 global markets affected by dark web data leaks.
The accessibility of stolen data has contributed to a surge in phishing attacks, which rose by 22% globally in 2024. Cybercriminals are now leveraging AI-generated deepfake technology to make phishing campaigns more convincing and harder to detect. In the Asia-Pacific region, more than 51% of phishing attacks targeted the financial services sector, while commerce and retail accounted for more than 20%.
Meanwhile, the Asia-Pacific region accounted for nearly 40% (2,113) of hacktivism-related attacks, with India alone making up almost 13%. Hacktivist groups like ETHERSEC TEAM CYBER from Indonesia and RipperSec from Malaysia were particularly active, carrying out DDoS attacks, website defacements, and data leaks targeting government and financial institutions.
“The High-Tech Crime Trends Report 2025 illustrates that cybercrime is not a series of random incidents—it is a chain reaction where each attack strengthens the next,” said Dmitry Volkov, CEO of Group-IB. “Geopolitics is destabilized by espionage, which is fuelled by data breaches, while at the same time ransomware exploits these breaches, all contributing to an ever-growing cyber threat landscape. Organizations must adopt proactive security strategies, fortify cyber resilience, and recognize that every cyber threat feeds into a larger, interconnected battle. To mitigate these threats, we must disrupt the cycle by enhancing cooperation and building a global framework to fight against cybercrime.”