Thai Businesses Attacked by Spyware Over 21,000 Times in Six Months Amid Regional Surge
Cybersecurity firm reports a 70% spike in spyware attacks across Southeast Asia in H1 2025, warning that the rise of ‘zero-click’ commercial tools poses a new strategic risk
- Thai businesses were targeted by spyware over 21,000 times in the first half of 2025, ranking fourth in Southeast Asia for such attacks.
- The attacks are part of a wider regional trend that saw a 70% spike in spyware incidents across Southeast Asia during the same period.
- A major factor in the surge is the rise of commercial "zero-click" spyware, which can infect devices without requiring the user to click on a malicious link or file.
- This spyware is designed to operate silently to steal sensitive information, such as login credentials, financial details, and proprietary corporate data.
Cybersecurity firm reports a 70% spike in spyware attacks across Southeast Asia in H1 2025, warning that the rise of ‘zero-click’ commercial tools poses a new strategic risk.
Businesses across Thailand and Southeast Asia are facing an escalating cybersecurity crisis, driven by a rapid increase in targeted spyware attacks that steal highly confidential data, a new report from Kaspersky has warned.
During the first half of 2025, Thailand ranked fourth in the region for targeted espionage, recording 21,014 instances of spyware attacks aimed at its organisations and corporate networks.
The regional trend is alarming. Kaspersky's enterprise solutions detected and blocked a total of 427,265 spyware attacks across Southeast Asia between January and June 2025.
This marks a massive 70.73 per cent increase from the 250,260 attacks recorded during the same period the previous year.
Vietnam topped the list with 191,976 detected attacks, followed by Malaysia (96,539) and Indonesia (85,560). Thailand's 21,014 detections were closely followed by Singapore (20,157) and the Philippines (12,019).
The Zero-Click Threat
The report highlights that modern spyware is discreetly installed to harvest sensitive information, differing from typical malware as it generally avoids damaging systems, programs, or files.
Instead, it operates silently by logging keystrokes, capturing screenshots, and monitoring activities before exfiltrating stolen data to attackers.
Compromised information commonly includes login credentials, account PIN codes, credit card numbers, and proprietary corporate data.
A significant factor driving the rising threat level is the emergence of commercial spyware.
These powerful tools, often sold to government and law enforcement agencies, function similarly to military-grade malware by tracking devices, stealing messages, and intercepting calls.
Crucially, this commercial software often exploits zero-click vulnerabilities, meaning a victim does not need to interact with a malicious link or file to become infected.
Pegasus, a notorious example, is known for this type of infection via platforms like iMessage and WhatsApp.
A Regional Emergency
Simon Deng, general manager for Southeast Asia and Asian Emerging Markets at Kaspersky, described the trend as a "regional cybersecurity emergency."
"The rapid rise in spyware attacks targeting businesses in Southeast Asia confirms that no market is safe from these malicious threats," Deng said. "The emergence of commercial spyware means organisations can be attacked without employees even clicking on a single malicious link."
Deng concluded that businesses must move beyond basic protective measures and adopt a multi-layered, proactive defence, viewing the threat as an immediate strategic risk rather than a routine IT problem.
