The growing threat of APT continues to disrupt the Asia-Pacific region

THURSDAY, AUGUST 28, 2025

According to the latest report from Kaspersky, Advanced Persistent Threat (APT) attacks in the Asia-Pacific region have continued to escalate from 2024 through the first half of 2025. 

These attacks, primarily motivated by cyber espionage, often target state secrets, military intelligence, and other sensitive government data across the region.

Noushin Shabab, Senior Security Researcher at Kaspersky’s Global Research & Analysis Team (GReAT), stated that the Asia-Pacific region has long been a hotbed for cyber espionage, owing to its tense geopolitical landscape and rapid digital and economic development.

This has resulted in a complex threat environment, where multiple threat actors target high-profile agencies and key organisations across the region.

In 2025, Kaspersky experts observed that cybercriminal groups have continuously upgraded their tools and techniques to target victims. These APT groups, which target governments, military secrets, and strategic intelligence, are likely to be state-sponsored, in contrast to common cybercriminals who typically seek financial gain.

APT campaigns in the region are not limited to data theft. They also aim to create decisive geopolitical advantages. Organisations, especially those in sensitive sectors, must prioritise enhancing cybersecurity and invest in threat intelligence to stay ahead of evolving threats, Shabab added.

Kaspersky’s GReAT team has tracked over 900 APT campaigns globally, with the following groups identified as key players in the Asia-Pacific region from 2024 to the present:

  • SideWinder: Dubbed the "most severe threat in the Asia-Pacific," this group targets governments, military forces, and diplomatic agencies in the region using spear-phishing and sophisticated attack platforms.
     
  • Spring Dragon (Lotus Blossom): This group primarily targets Vietnam, Taiwan, and the Philippines, leveraging spear-phishing, vulnerability exploitation, and watering hole attacks to infiltrate victim systems. Kaspersky researchers have found over 1,000 malware samples used over a decade to target Southeast Asian government agencies.
     
  • Tetris Phantom: Identified by the GReAT team in 2023, this group began deploying highly complex malware aimed at USB drives.
     
  • HoneyMyte: Known for stealing sensitive political and strategic data from governments and diplomatic agencies in Southeast Asia, especially Myanmar and the Philippines, HoneyMyte currently employs ToneShell malware, which has been deployed via multiple loaders throughout 2024–2025.
     
  • ToddyCat: Active since 2020, this group focuses on major Malaysian targets. It is known for its advanced technical expertise and has developed malicious tools using publicly available code to evade legitimate security software and maintain covert access within target environments.
     
  • Lazarus: Infamous for the 2016 Bangladesh Bank heist, Lazarus remains one of the principal APT groups in the Asia-Pacific region. The state-sponsored group continues its operations with both espionage and financially motivated campaigns.