With its compromised systems within developing technology hubs amid rapid digitalization, Southeast Asia has become a launching pad for cybercriminal groups to launch global attacks, according to a report by global cybersecurity firm Mimecast.
The compromised systems in the region are often used as proxy networks or stepping stones, masking the true origin of malicious campaigns and complicating efforts by security analysts to attribute or contain them.“Asia-Pacific’s rapid digitalization and interconnected supply chains make the region a focal point for today’s cyber threats,” said David Sajoto, Vice President and General Manager, Asia-Pacific and Japan, Mimecast.
“Our analysis shows that threat actors are not only targeting Asian organizations — they are actively exploiting compromised infrastructure in Southeast Asia to launch attacks globally. The message is clear: as the human layer becomes the new battleground, businesses across the region must pair awareness and education with AI-powered defences to build real cyber resilience,” he added.
This finding of Mimecast underscores Southeast Asia’s dual challenge; as a region experiencing both rapid digital growth and expanding exposure to cyber exploitation. With the proliferation of small and medium-sized enterprises, distributed workforces, and widespread adoption of cloud-based services, attackers are capitalizing on weaker security configurations and legacy infrastructure to infiltrate networks and route attacks worldwide.
The data reveals key trends, including the rise of smarter, AI-powered phishing and social engineering attacks, and threat groups increasingly using trusted services to evade detection and reach targets. In fact, Mimecast analysis found that phishing accounts for 77 percent of all attacks up from 60 percent in 2024 with attackers likely leveraging more AI tools.
“We’re seeing a clear evolution in attacker behavior in 2025, headlined by an exponential rise in AI-driven threats,” said Ranjan Singh, Mimecast Chief Product & Technology Officer.
“Financial platforms, regulatory agencies, and city governments have all been targeted by profit-driven ransomware groups and highly organized, state-sponsored adversaries. Threat actors are doubling down on human-focused attacks and exploiting trusted business services as their primary means of intrusion, making employee awareness and resilient systems more essential than ever,” he added.
PIXABAY PHOTO