Darktrace APJ Threat Report shows supply chain at increasing risk


Darktrace has released new findings on cyber threats affecting the Asia–Pacific and Japan (APJ) region, reporting a sharp escalation in email compromise, cloud-targeted intrusions and third-party supply chain attacks over the 12 months to July 2025. The company says geopolitical tensions, rapid cloud adoption and the growing use of generative AI by threat actors are driving both the scale and sophistication of attacks.

Business email compromise continues to pose the most significant risk. Darktrace’s telemetry shows that almost one-third of phishing emails detected globally in 2024 contained new social-engineering techniques, reflecting an ongoing increase in the complexity of lures. The company also observed a steep rise in non-English phishing campaigns across APJ, including a 1,700 per cent increase in Japanese-language phishing emails between September 2024 and October 2025.

The report highlights that state-linked groups from China and North Korea are increasingly using generative AI to craft highly targeted emails, automate social engineering and support malware development. Darktrace says this has allowed these groups to conduct more convincing and efficient campaigns against government, financial, and critical infrastructure targets across Australia, Singapore, Japan and South Korea.

Cloud environments are also becoming a focal point for attackers. Many organisations surveyed reported a slower response time for cloud investigations—taking three to five days longer than for on-premises incidents—due to decentralised processes and insufficient visibility. According to Darktrace, 89 per cent of organisations suffered damage before incident containment was complete.

Third-party supply chain compromises remain a growing concern, with 15 per cent of data breaches linked to vulnerabilities in upstream vendors. The average cost of these incidents has risen to US$4.91 million.

Threat groups singled out in the report include North Korea’s Lazarus-linked Bluenoroff unit, which is increasingly targeting cryptocurrency exchanges; China-linked APT40 and APT41, which continue to exploit public vulnerabilities across the region; and Scattered Spider, which uses advanced social engineering and voice-phishing techniques against APJ organisations.

Darktrace’s incident response lead, Victoria Baldie, said distinctions between state-sponsored and financially motivated actors are increasingly blurred, and the adoption of generative AI has amplified threat activity across APJ.

The company says the findings underline the need for unified security architectures capable of addressing email, cloud and supply chain vectors simultaneously, supported by AI-driven detection and response.




