Authoritative cyber threat intelligence for leaders defending the Asia-Pacific (APAC) region.
Download the APAC Intelligence Insights Report – November 2025 to gain a clear, intelligence-led view of the most active cyber threats, attack trends and threat actors targeting organizations across Asia-Pacific.
Produced by Group-IB’s global threat intelligence experts, this report delivers actionable insights to help security, risk and executive leaders anticipate threats and strengthen cyber resilience.
Gain access to in-depth analysis covering cybercrime activity, ransomware campaigns, data breaches, fraud trends and emerging attack techniques impacting APAC organizations.
Why This Report Matters
Understand how cyber threats are evolving across APAC
Identify which industries and geographies are most targeted
Anticipate new attack techniques and criminal business models
Translate intelligence into practical defensive actions
Whether you are responsible for security strategy, risk management, fraud prevention, or regulatory compliance, this report provides clarity in a fast-changing threat landscape.
Key Findings & APAC Cybersecurity Trends in November 2025
Inside the November 2025 edition, you’ll learn:
SideWinder Strikes Again: ClickOnce Exploited In South Asia Espionage Campaign
The India-linked APT group SideWinder is targeting government entities across South Asia through a phishing-driven campaign that uses advanced social engineering, Microsoft exploitation methods, and living-off-the-land techniques to covertly deploy malware via trusted system processes.
Fake Payment Alerts Fuel PDF File-Share Phishing Campaign
Group-IB Threat Intelligence uncovered a phishing campaign by the threat actor Xanders, who impersonated a Malaysian financial institution and used fake payment notification emails to lure victims into clicking PDF file-share links that led to credential-harvesting pages.
Trusted Platform Abused in Thai Crypto Phishing Campaign
Since 8 November 2025, threat actors have used the compromised email automation platform Taximail to send phishing emails that impersonate major Thai companies. The messages promoted fraudulent crypto investments and appeared to pass SPF and DKIM checks. Taximail later confirmed that its platform was abused to send these spoofed emails.
Shared Contractor Suspected in Wave of South Korean Source Code Leaks
Between 13 and 17 November 2025, a threat actor known as “888” advertised the sale of source code from several major South Korean companies, including Samsung, HD Hyundai and LG, on Darkforums. While the initial access method is still unclear, analysts are moderately confident that a shared contractor may have served as an entry point for these breaches.
Template-Based Websites Power Ongoing Binary Options Scam in Vietnam
Group-IB’s High Tech Crime Investigations Team has been tracking a fake binary options investment campaign targeting Vietnamese users since November 2023. Still active as of November 2025, the scam relies on template-based websites and persistent social engineering, and new fraudulent pages continue to appear.
Upbit Hit by Solana Asset Theft in Major Crypto Security Incident
On 27 November 2025, South Korean crypto exchange Upbit reported the illicit withdrawal of roughly KRW 54 billion (or approximately USD 36 to 40 million) in Solana-based tokens to an unauthorized wallet. The exchange suspended deposits and withdrawals, launched an emergency security review, and confirmed that all losses will be fully covered using its own assets.
Each insight is supported by real investigations, telemetry and intelligence collected by Group-IB’s research teams.
Who Should Read This Report?
This report is essential reading for:
Chief Information Security Officers (CISOs), Chief Information Officers (CIOs) and Heads of Security
Fraud, Risk and Compliance Leaders
Government and Law Enforcement Professionals
Security Operations Center (SOC), Incident Response (IR) and Threat Intelligence (TI) Teams
Board-level and Executive Decision-Makers
If you are responsible for protecting digital assets, customers or national infrastructure in APAC, this report is for you.