According to the latest cybersecurity report from Kaspersky, the company’s security solutions blocked nearly 819,000 spyware attacks aimed at organizations and businesses across Southeast Asia in 2025, an 18% increase from the previous year.

The sharp rise reflects a major tactical shift among cybercriminals, moving away from system disruption and ransomware toward silent infiltration and long-term theft of strategic data.

Simon Tung, General Manager for ASEAN and the ASEAN Economic Community (AEC) at Kaspersky, said enterprise networks across the region are increasingly becoming a “gold mine” for intelligence gathering.

Amid growing economic and geopolitical uncertainty, sensitive organizational data has become an extremely valuable asset, allowing attackers to collect and exploit information over extended periods.

Spyware not only leaks confidential information but also quietly drains system resources, reduces operational efficiency, and disrupts day-to-day business activities.

Vietnam remained the region’s most heavily targeted hotspot, with 322,821 spyware attacks blocked in the past year, up 8% compared to 2024, according to the report.

In terms of growth rate, Singapore saw the most dramatic spike, with attacks soaring 111% to more than 30,000 incidents.

Other major markets, including the Philippines and Malaysia, also recorded alarming increases of 85% and 75%, respectively.

By contrast, Thailand emerged as a rare bright spot, successfully reducing attack volumes by more than half, down 53%.

The growing sophistication of cyber espionage campaigns was highlighted by “Operation ForumTroll,” uncovered in March 2025. By exploiting a zero-day vulnerability in the Chrome browser, hackers specifically targeted organizations in critical sectors including media, government, education, and finance.

Attackers used phishing emails disguised as invitations to international forums to lure victims. Once inside a system, they deployed advanced spyware tools such as LeetAgent and Dante.

Thanks to its strong stealth capabilities, the malware allowed attackers to maintain persistent access, continuously monitor internal communications, and siphon sensitive data without detection by security systems.

Simon Tung described spyware as a “particularly dangerous threat.” An initial spyware infection, he warned, can easily trigger a prolonged chain of crises capable of destroying a company’s reputation and competitive strength.

To counter increasingly unpredictable threats, cybersecurity experts say organizations must move beyond traditional security approaches.

Businesses are advised to prioritize continuous software updates to patch vulnerabilities, minimize exposure of Remote Desktop Protocol (RDP) services to the public internet, and maintain isolated data backup systems separate from internal networks.

Experts also stressed that adopting Threat Intelligence solutions and artificial intelligence (AI) technologies has become essential for security teams to proactively identify, detect, and neutralize sophisticated espionage campaigns before digital assets are compromised.

Du Lam