China and North Korea Are Behind 55% of Global APT Attacks


Advanced persistent threat (APT) groups aligned with China and North Korea have emerged as the dominant force behind the most sophisticated cyberattacks globally, accounting for 55% of state-sponsored activity detected in the past two quarters. This is according to the latest APT Activity Report from cybersecurity firm ESET, which points to rising geopolitical tensions and a growing cyber arms race across the Asia-Pacific (APAC) region.

While the bulk of new cyber operations from these two nations have focused on European and U.S. targets, countries in Southeast Asia are also facing a steady rise in state-backed attacks. Government entities and educational institutions remain prime targets, as adversarial campaigns are increasingly used to achieve strategic and political goals.

According to Robert Lipovsky, ESET’s senior malware research manager, China’s cyber strategy mirrors its broader ambitions under the Belt and Road Initiative, with a particular focus on sectors like maritime infrastructure. “Month after month, we’re detecting new targets all over the world, and the pattern is clear: cyber is now a strategic tool for global influence,” he said.

Regional Conflicts Fuel Rise in Cyber Operations

The rapid growth in APT cyberattacks from China and North Korea has triggered a cyber rearmament among neighboring countries. Nations like India, Taiwan, and the Philippines are seeing increased cyber activity while also enhancing their own offensive and defensive capabilities.

The conflicts driving this escalation include China’s disputes in the South China Sea and cross-strait tensions with Taiwan, as well as the ongoing friction between India and Pakistan, which has led to both state-sponsored cyber operations and hacktivism.

Feike Hacquebord, principal threat researcher at Trend Micro, noted that companies in the region need to stay alert to geopolitical shifts: “If you want to understand the why behind these campaigns, you have to follow the regional tensions. It’s not just espionage — financial motivations are in the mix too.”

Though China and North Korea dominate the threat landscape, other Southeast Asian APT groups accounted for 3.2% of detected attacks. These actors are developing distinct tactics and techniques. For example, while Russia-linked groups often use spearphishing, Chinese APTs prefer exploiting vulnerabilities and using stealthy ‘living-off-the-land’ methods to avoid detection.

“They’re effectively using victims as proxies to conceal their infrastructure,” Lipovsky said. “It’s a stealth strategy that gives them resilience and camouflage.”

APT Threats Expand Beyond Asia

Both Chinese and North Korean groups are now projecting power well beyond the Asia-Pacific. North Korea, while continuing to focus heavily on South Korea, has also been spotted using job scams to breach cryptocurrency and financial firms in Europe. ESET’s research highlighted the DeceptiveDevelopment group, which deploys backdoors by luring victims through fake job offers.

Meanwhile, China-aligned threat actors have increasingly turned their attention to European and American targets, diversifying from their traditional focus within Asia. Lipovsky emphasized this shift: “We’re seeing more attacks aimed at the West, not because they’ve abandoned Asia, but because their scope has become global.”

As cyber offense becomes a central tool of modern diplomacy and warfare, more developing nations in the region are expected to follow suit. Hacquebord predicts an even more crowded field in the years ahead: “I don’t see the number of campaigns going down anytime soon — quite the opposite. With all the regional tensions, more players will enter the game.”
