
The Indo-Pacific’s cyber threat environment has entered a new phase. The 2025 Threat Hunting Report of cybersecurity company CrowdStrike describes the rise of ‘enterprising adversaries’: state and criminal actors that operate with the precision, scale and adaptability of a well-run business.
In just the first half of this year, cloud intrusions jumped 136 percent compared with all of 2024, more than four fifths of interactive intrusions were malware-free, and identity-driven attacks such as voice phishing were on track to double last year’s volume.
These figures reflect the sharpening ability of malign actors to breach a network in hours, move invisibly across systems and use legitimate tools to achieve their goals without tripping long-established defences. Increasingly, those goals are being achieved through the weaponisation of AI.
Famous Chollima, a cybercrime group linked to North Korea, has infiltrated more than 320 companies in the past year. It achieved this 220 percent increase from last year by using generative AI at every stage of its insider threat operations. Its operators create synthetic resumes, mask their identities in interviews with deepfake tools and use AI code assistants to perform their jobs once inside. Other groups, such as Ember Bear and Charming Kitten, appear to have used AI to craft phishing lures and amplify state-aligned narratives.
Adversaries are also increasingly targeting AI technologies. CrowdStrike has seen adversaries exploiting vulnerabilities in AI software to gain initial access, a sign that, as organisations adopt AI more deeply, these systems will expand the organisations’ attack surfaces. Lower-skilled people are automating tasks once reserved for experts, including malware development. Malware families such as Funklocker and SparkCat show how generative AI can be embedded directly in malicious code.
Identity compromise is now central to both espionage and e-crime. The return of the Scattered Spider group in 2025 illustrates the point. Using voice phishing and help desk impersonation to reset passwords or multi-factor authentication tokens, it compresses the time from initial compromise to ransomware deployment to less than 24 hours. With accurate employee IDs and personal data, it can pass help desk verification and pivot rapidly into software service, identity and cloud environments.
This is a glaring vulnerability for the Indo-Pacific, where many critical infrastructure operators still lack phishing-resistant multi-factor authentication or robust identity monitoring. In sectors such as telecommunications, compromised accounts can expose subscriber data and upstream network access, creating cascading risks across borders.
Cloud exploitation has become mainstream. China-linked actors such as Genesis Panda and Murky Panda are not only targeting data in the cloud; they are navigating the control plane itself, manipulating accounts, maintaining persistence and using the provider’s own infrastructure for command and control. Glacial Panda has embedded itself in telecom networks, contributing to a 130 percent rise in nation-state activity in that sector.
Many Indo-Pacific nations are racing to adopt hyperscale cloud, often without the governance or standards needed to secure these environments. This overlooks a new reality: a compromise in one tenant can have downstream effects on partners and suppliers, making this as much a collective defence issue as a technical one.
These developments are increasingly part of hybrid strategies. Cyber intrusions are paired with information operations, economic coercion and physical disruption to maximise their effect. From Ukraine to the South China Sea, network access has supported influence campaigns, espionage and the preparation of the battlespace for future crises. For a region as contested as the Indo-Pacific, these operations should be treated as a core national security concern.
The CrowdStrike 2025 Threat Hunting Report provides many technical mitigations. Four stand out as strategic priorities.
First, investing in AI-enabled detection and threat hunting. Adversaries are using AI to move faster, so defenders need the same advantage, pairing machine learning tools with analysts trained to detect anomalies that point to malware-free cross-domain attacks.
Second, hardening identity systems. That means developing phishing-resistant multi-factor authentication, implementing strict account recovery controls for privileged users and integrating identity telemetry into wider security operations so credential abuse is detected quickly.
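As an added illustration of what integrating identity telemetry into security operations can look like in practice (example code written for this page, not from the report or CrowdStrike), the logic below correlates a help-desk MFA reset with a subsequent sign-in from a device the account has never used, the sequence described for Scattered Spider above. The event schema, field names, sample telemetry and two-hour window are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    user: str
    kind: str            # "mfa_reset" or "login" (assumed event kinds)
    actor: str = ""      # for mfa_reset: who performed it, e.g. a help desk agent
    device: str = ""     # for login: device identifier
    geo: str = ""        # for login: country code


WINDOW = timedelta(hours=2)   # assumed correlation window after a reset


def detect_post_reset_pivot(events, known_devices):
    """Flag MFA resets followed within WINDOW by a login from a device the
    account has not used before. Returns (user, reset_actor, login_ts, device, geo)."""
    ordered = sorted(events, key=lambda e: e.ts)
    alerts = []
    for i, ev in enumerate(ordered):
        if ev.kind != "mfa_reset":
            continue
        for later in ordered[i + 1:]:
            if later.ts - ev.ts > WINDOW:
                break  # events are time-ordered, so nothing later can match
            if (later.user == ev.user and later.kind == "login"
                    and later.device not in known_devices.get(ev.user, set())):
                alerts.append((ev.user, ev.actor, later.ts, later.device, later.geo))
    return alerts


def t(h, m):
    return datetime(2025, 8, 1, h, m)


# Constructed sample telemetry, not real data.
SAMPLE_EVENTS = [
    Event(t(9, 0), "alice", "mfa_reset", actor="helpdesk-agent-7"),
    Event(t(9, 20), "alice", "login", device="dev-new-1", geo="XX"),    # pivot: alert
    Event(t(10, 0), "bob", "mfa_reset", actor="helpdesk-agent-2"),
    Event(t(10, 30), "bob", "login", device="dev-bob-laptop", geo="AU"),  # known device
    Event(t(11, 0), "carol", "login", device="dev-new-2", geo="AU"),     # no reset first
    Event(t(13, 0), "alice", "login", device="dev-new-3", geo="XX"),     # outside window
]
KNOWN_DEVICES = {"alice": {"dev-alice-laptop"}, "bob": {"dev-bob-laptop"}}


def run_sample():
    return detect_post_reset_pivot(SAMPLE_EVENTS, KNOWN_DEVICES)


if __name__ == "__main__":
    for a in run_sample():
        print("ALERT: user=%s reset_by=%s login=%s device=%s geo=%s" % a)
```

In a real deployment the reset events would come from the identity provider's audit log and the known-device set from its device registry; the point is that neither signal alone is decisive, but their sequence within a short window is.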
Third, treating cloud as critical infrastructure. Governments should work with providers to set baseline security requirements, mandate regular audits and share intelligence on active threats targeting cloud control planes. Joint exercises simulating cloud-centric attacks would help identify gaps in readiness.
Fourth, expanding real-time threat intelligence sharing. The tactics outlined in this year’s report evolve quickly, and no single organisation sees the full picture. A standing regional mechanism for sharing hybrid threat indicators across cyber, information operations and supply chains would allow partners to move from reactive alerts to coordinated defence.
CrowdStrike’s Threat Hunting Report is a reminder that the Indo-Pacific’s cyber battlespace is no longer defined by the lone hacker or the signature-based malware of a decade ago. Today’s enterprising adversaries are integrated, adaptive and comfortable operating across technical, geographic and institutional boundaries. Meeting that challenge requires the same qualities in return: agility, coordination and sustained investment. Without them, we will be outpaced in a domain that now sits within multi-domain coercive strategies and is central to the region’s security and stability.