Google warns of espionage and scams in JAPAC in 2026

A surge in politically motivated cyber espionage is expected to hit the Asia-Pacific region in 2026, with high-profile summits across the region set to attract intense targeting from state-backed actors. According to Google Cloud's Cybersecurity Forecast 2026 for JAPAC, a number of major diplomatic gatherings will be prime targets for intelligence-driven attacks, including the ASEAN Summit in the Philippines, the APEC Economic Leaders' Meeting in China, and the Pacific Islands Forum in Palau.

The report states: "In 2026, a series of high-profile political and security summits across the region are expected to serve as targets for increased cyber espionage activity." It notes that these events will "fuel operations seeking political, industrial, and military intelligence to gain a negotiation advantage, and inform sponsor nations' political positioning and decision-making."

These campaigns are expected to evolve from previous regional incidents, including activity in 2025 that targeted Southeast Asian diplomats and a 2024 campaign that used a "U.S.-Taiwan defence industry conference-themed lure to target individuals likely associated with the event." The report warns that the trend demonstrates continuity in regional espionage, with adversaries refining social engineering and thematic deception techniques to penetrate diplomatic networks.

False base station scams

Beyond political targets, the report highlights the persistence of financially motivated cybercrime - particularly the use of vehicle-mounted false base stations (FBS). These mobile units impersonate legitimate cellular networks to lure nearby phones into connecting. Once connected, they deliver fraudulent SMS messages designed to dupe victims into clicking links that lead to malicious sites.

"In 2026, the threat posed by vehicle-mounted false base stations (FBS) will continue," the report says, describing the devices' use of "deceptive tactics that exploit the inherent lack of security in cellular broadcast messages."

The scams typically involve phishing messages "promising discounts or other content - with links directing users to sites controlled by threat actors." According to the forecast, such operations are "often carried out by suspected China-nexus cybercriminals who hire low-level 'mules' via social messaging applications like Telegram."

Even as law enforcement agencies across the region have made arrests, the operations have proven resilient. "Despite successful law enforcement operations and arrests in countries like Thailand and Indonesia in Q1 2025, the operations quickly re-emerged in Q3," the report notes. "This demonstrates the profitability and resilience of the FBS tactic, indicating its continued use globally in the coming year."

The continuation of these scams reflects broader challenges in policing cybercrime across borders. With criminal groups increasingly using low-cost, portable infrastructure, the tactic remains profitable and difficult to dismantle, particularly when driven by financially motivated syndicates operating with transnational coordination.

Supply chain mandates

The report also outlines major regulatory shifts expected to impact businesses across Japan and South Korea in 2026. In response to growing supply chain risks, both nations are introducing more stringent cybersecurity mandates aimed at enhancing resilience across critical industries.

"Organisations operating in or with ties to Japan and South Korea will need to implement substantial new, proactive supply chain cybersecurity mandates," the report explains. Both governments are "tightening defence following high-profile incidents."

Japan, for instance, is preparing to launch a Cybersecurity Measures Evaluation System by fiscal year 2026. The report says the initiative "will require companies, particularly in the manufacturing sector (like chipmaking), to visualise and verify the security status of their supply chains to meet security effectiveness measures based on the international standard ISO/IEC 15408."

Additionally, Tokyo plans to introduce "a new cybersecurity rating system to assess companies' overall security posture." This move reflects Japan's growing emphasis on transparency and accountability in digital supply chains amid concerns over national security and industrial competitiveness.

South Korea, meanwhile, is described as "overhauling its cyber defence posture for critical sectors like telecommunications following major breaches." According to the forecast, this overhaul will result in "stricter government oversight and mandatory investments in robust security systems across their extensive technology supply chain."

These policy shifts underscore how regional governments are moving from reactive responses to proactive regulation, with cybersecurity increasingly embedded in trade and industry frameworks. For businesses, compliance will demand not only technological upgrades but also closer collaboration with regulators and partners across the supply chain.

Regional resilience

The 2026 forecast paints a complex picture for the JAPAC region - one where nation-state espionage, resilient cybercrime tactics, and tightening regulatory controls intersect. While law enforcement and policy initiatives continue to evolve, the report suggests that adaptability, intelligence-sharing, and sustained investment in security infrastructure will be essential for the region's resilience in the year ahead.