Singapore has emerged as the most targeted nation for ransomware attacks in Southeast Asia, according to the 2025 APJ eCrime Landscape Report by cybersecurity firm CrowdStrike. The report highlights a robust Chinese-language underground ecosystem that facilitates cybercrime activities in the region, including Singapore.
The report reveals that Singapore, despite its smaller market size, surpasses Indonesia, Malaysia, and Thailand in ransomware targeting. It is also among the top five most targeted markets in the Asia Pacific and Japan (APJ) region, alongside India, Australia, Japan, and Taiwan. Key industries affected include manufacturing, technology, industrials and engineering, financial services, and professional services.
CrowdStrike’s findings point to a thriving Chinese-language underground ecosystem that supports eCrime across APJ. This includes the now-defunct Huione Guarantee marketplace, which reportedly facilitated $27b in illicit transactions. Additionally, the China-based bulletproof hosting provider CDNCLOUD is said to maintain an office in Singapore, offering services to cybercriminals across Asia.
The report also notes that targeted eCrime threats are evolving beyond ransomware. For instance, account takeover campaigns are targeting Japanese securities companies, whilst a Vietnamese eCrime ecosystem focuses on compromising high-value social media business accounts.
Adam Meyers, head of counter adversary operations at CrowdStrike, stated, “eCrime actors are industrialising cybercrime across APJ through thriving underground markets and complex ransomware operations. Simultaneously, AI-developed malware enables adversaries to launch high-velocity, high-volume attacks.”
The report underscores the need for robust cybersecurity measures to counter these evolving threats, highlighting the role of AI in both facilitating and combating cybercrime.
