China and North Korea Lead Surge in Global Cyber Espionage as APAC Tensions Rise

Advanced persistent threat (APT) groups backed by China and North Korea have become the dominant force behind sophisticated cyberattacks, accounting for the majority of global APT activity over the last two quarters, according to ESET’s latest “APT Activity Report.”

Driven by rising geopolitical tensions in the Asia-Pacific (APAC) — including disputes in the South China Sea and increased pressure around Taiwanese independence — these nations are ramping up offensive cyber operations. Though European organizations have seen the sharpest uptick in attacks, Southeast Asian governments and educational institutions are also being increasingly targeted.

ESET's Robert Lipovsky notes that this global cyber strategy mirrors China’s Belt and Road Initiative, with a particular focus on sectors like maritime infrastructure. “We're seeing month-by-month expansion to new targets worldwide,” Lipovsky said.

APT activity from China and North Korea now represents 55% of global cyberattacks, based on ESET’s reporting over the past 18 months. This surge is prompting regional players such as India, Taiwan, and the Philippines to invest in both their own cyber defense and offensive capabilities.

Trend Micro’s Feike Hacquebord emphasized that APT operations are increasingly tied to regional conflict. For example, cyber tensions have risen in tandem with India–Pakistan hostilities, where both hacktivism and government-sponsored campaigns are on the rise. Hacquebord added that companies in the region must stay informed about geopolitical developments to understand the nature of incoming cyber threats.

China-aligned APT groups tend to avoid spear-phishing, instead preferring vulnerability exploitation and “living off the land” tactics — methods that abuse native system tools to maintain stealth and hide their infrastructure by routing through compromised victims.

Beyond the APAC region, Chinese and North Korean threat actors are increasingly targeting the West. Notably, the North Korean group DeceptiveDevelopment launched fake job scams to infect European cryptocurrency and finance professionals with backdoors. China, meanwhile, is expanding operations in Europe and the US, while still maintaining attacks in Asia.

The number of state-backed cyber actors is also growing. As more countries in the region advance their offensive cyber capabilities, experts expect the volume and sophistication of campaigns to continue rising rather than abating.

In short, cyber operations are becoming a key tool in geopolitical strategy, especially in the APAC region, where state actors are turning the internet into a new battleground for influence and control.