AI: Chinese Cybercrime Markets Move Billions Underground
CrowdStrike’s latest «2025 APJ eCrime Landscape Report» exposes a booming Chinese-language underground economy that has processed billions in illicit trades and a new generation of AI-driven ransomware campaigns sweeping across Asia-Pacific.
Despite Beijing’s tight internet controls, Chinese-speaking threat actors have built a vast underground network, according to a media release issued on Wednesday.
Marketplaces such as «Chang’an», «FreeCity», and «Huione Guarantee» have become critical trading hubs for stolen credentials, phishing kits, malware, and laundering services. Huione Guarantee alone allegedly processed more than 27 billion USD in transactions before its 2025 takedown.
AI Pushes Ransomware into High Gear
Cybersecurity company CrowdStrike warns that artificial intelligence is now embedded in every step of the ransomware economy – from crafting convincing social-engineering lures to writing self-modifying malware.
Emerging Ransomware-as-a-Service operators like «KillSec» and «Funklocker» used AI-generated code in more than 120 attacks targeting high-value victims, particularly in India, Australia, and Japan.
The most affected industries include manufacturing, technology, and financial services, with more than 760 companies publicly listed on leak sites.
Market Manipulation Meets Cyber Fraud
Another trend uncovered: Chinese-speaking hackers exploiting Japanese trading accounts.
By hijacking retail investor credentials and inflating illiquid China-based stocks, they staged sophisticated pump-and-dump schemes – selling the compromised data on the same underground markets that fuel the region’s cybercrime ecosystem.
Cybercrime as a Service Goes Mainstream
Providers like «CDNCLOUD» (bulletproof hosting), «Magical Cat» (phishing-as-a-service), and «Graves International SMS» (spam distribution) are professionalizing eCrime across the region.
Together with remote-access tools such as «ChangemeRAT», «ElseRAT», and «WhiteFoxRAT», they enable scalable, industrial-grade attacks masquerading as legitimate communications and purchase orders.
«Defenders Must Match the Pace»
«eCrime actors are industrializing cybercrime across APJ through thriving underground markets and complex ransomware operations,» said Adam Meyers, head of counter-adversary operations at CrowdStrike. «Defenders must meet this new pace of attack with decisive action, powered by AI, informed by human experience, and unified in response,» he added.
CrowdStrike’s full report provides deeper intelligence on adversary profiles and defense strategies as the battle between AI-enhanced attackers and defenders intensifies across Asia-Pacific.