This is a true story.
A few years ago, the IT team of a large manufacturer of construction equipment spotted something suspicious during a routine check of their network logs (kudos to them for actually checking!). Computers in their R&D department were in “conversation” with an unknown internet address originating from Asia. In 24 hours, over two gigabytes of data headed out their door. They suspected industrial espionage, so they called the Verizon Threat Research Advisory Center (VTRAC).
Verizon’s VTRAC traced the breach to the company’s chief design engineer. The engineer fell victim to a supposed recruiter. The threat actor installed malware and a backdoor, communicating with a suspicious Chinese IP address. The attackers, likely a state-funded group, then precisely targeted and exfiltrated crucial design blueprints. The VTRAC Team pieced together this targeted social engineering and technical intrusion, confirming the theft of valuable intellectual property.
Unfortunately, our forensic investigators sit on a multitude of such stories. And while this happens everywhere, the Asia Pacific region is an especially busy and tricky place for these modern-day thieves. If your company works in or with this vital part of the world, understanding how the game is changing and the challenges you can face is more critical than ever.
A seven-year analysis of Verizon's cyber data (2014-2020) revealed that cyber-espionage, often conducted by state-sponsored groups, was the sixth most common form of data theft globally. These incidents are likely underreported as they are difficult to detect, and the theft of corporate secrets does not always require public disclosure.
More recently, however, espionage has become the second most common motive for breaches and is a significant threat in the Asia-Pacific region in particular. While government-linked groups remain the main perpetrators, responsible for 85% of spying incidents between 2014 and 2020, a new trend shows a dual motivation. Verizon's 2025 Data Breach Investigations Report (DBIR) found that about 28% of attacks by these groups also had a financial reason, suggesting some are gathering intelligence while simultaneously seeking profit.
See also: Identity emerges as cloud’s weakest link: Tenable and Cloud Security Alliance
How the Game is Changing: Smarter Spies, New Tricks
The ways government-linked cyber attackers steal secrets are also getting sharper. In the past, the main tactics were a mix of phishing (tricking people through fake emails), breaking into computer systems (using hidden backdoors or controlling systems remotely), and planting harmful software. Fake emails were a huge favourite, used in 97% of spying attacks between 2014 and 2020. Getting into systems often involves using those hidden backdoors or stolen login details.
But the 2025 DBIR shows a significant shift: attackers are increasingly breaking in by exploiting known weaknesses in software, which was a factor in 70% of recent corporate espionage attacks. This is a major trend. It means if companies don’t quickly fix known software problems, attackers can use those openings. This is especially true for systems that connect directly to the internet, like VPNs or other "edge" devices. While stolen login details are still a common tool, directly using these software flaws seems to be the new preferred way in for spies. Attackers are also devising new ways to fool people, like "Prompt Bombing," where they flood users with login requests, hoping someone will eventually just click "approve" to make them stop. This demonstrates the threat actors’ continuous adaptation to bypass company defenses including “depth in defense” controls.
See also: Singapore joins Global Scam Exchange to support a borderless fight against scams
What are they after? Still the same valuable information: company secrets. In the past, stolen login details, company secrets, internal company information, and classified information were top targets. This focus on private plans, research, secret formulas, and strategic documents remains the core of these spying efforts.
The 2025 DBIR reinforces this region’s status as a key target for corporate espionage. It notes that "System Intrusion"—a type of attack often linked to skilled attackers, including spies—is behind a massive 83% of all data thefts in the region. The report also mentions that attackers from outside the company, including those linked to governments, are responsible for nearly all data thefts in Asia Pacific, with their goals being a mix of making money and spying. The immense diversity within the APAC region itself—from highly developed tech countries to growing economies—creates a wide range of targets and many strategic reasons for spying to occur.
The tough realities: Why stopping secret stealing is so hard
Fighting business spying is a constant struggle with some very difficult, ongoing challenges.
One of the biggest is simply spotting the spies. It can often take months, or even years, for companies to realise they've been spied on. Attackers are masters of stealth. They will sometimes hide inside a company’s network for a long time, quietly gathering information before trying to sneak it out. They often use specially made harmful software, exploit undiscovered software flaws, and even use normal, everyday computer tools to make their activities look like regular work, all to avoid setting off alarms.
Figuring out who is behind an attack is another huge problem. Spying groups try very hard to cover their tracks, often using fake internet addresses, hiding behind cyber criminals and other tricks to help make it nearly impossible to definitively identify them. This can make it hard for governments and law enforcement to respond effectively.
Many spying incidents probably never get publicly reported. When thieves steal company research or secret plans, it’s different from when they steal customer credit card numbers. In some jurisdictions, local laws don’t compel companies to report such incidents. This means the true number of these attacks can be much higher than official figures suggest.
To stay ahead of the latest tech trends, click here for DigitalEdge Section
The increasing complexity of how businesses operate can also create more openings for spies. The security of an organisation is increasingly intertwined with the security of its software vendors, service providers, and other third parties that make up its broader operational and digital supply chain. In fact, the percentage of breaches involving a third party (which includes software vulnerabilities from vendors in the supply chain) doubled from 15% in the previous year to 30% in the current DBIR.
And, of course, there's the human factor. Tricking people, as both reports show, still works very well. Even with the best technology, one employee clicking on a fake email or falling for a convincing phone call can give spies the opening they need. Interestingly, our research shows that users are also more likely to be compromised via phishing attempts on their smartphones
Finally, the groups that are best at spying, sometimes backed by national governments, possess considerable skill and resources. They can be very patient and focus on their targets for a long time. This makes it incredibly tough for individual companies, or even many governments, to fully protect themselves. While the 2025 DBIR suggests that these top-tier government-linked cybersecurity spies don't often target small businesses directly for espionage, the interconnected nature of modern business means smaller companies can still get caught in the crossfire or be used as a stepping stone to a bigger target.
To sum up, business spying, especially in Asia, is a serious threat that’s not only here to stay but is also getting more sophisticated. Attackers are using smarter ways to break in, like exploiting software weaknesses more often, alongside their old tricks. They might even be looking to make money while they’re at it. The challenges of spotting them, figuring out who they are, and the sheer talent of these attackers mean that companies in Asia Pacific need to be more alert than ever. They need good defenses, smart ways to find threats, solid plans for what to do if they are attacked, and a clear understanding of what’s happening in the wider world. In an age where a company's best ideas can be stolen without anyone hearing a thing, being prepared isn't just a good idea—it's essential.
Mark Trumble is the head of Cybersecurity for Asia Pacific at Verizon Business
