A new report from Cyble reveals India is grappling with a dramatic escalation in cyber attacks, leading the region in ransomware
The convergence of rapid digitalisation and intense geopolitical conflict has positioned India as the most besieged country in the Asia-Pacific region for cybercriminals and state-sponsored groups, according to the Cyble APAC Threat Landscape Report 2025.
The findings, released today, document a steep rise in highly destructive ransomware attacks, a booming black market for corporate network access, and evidence of intensifying cyber warfare between India and Pakistan-aligned groups.
Overall, the APAC region recorded 456 ransomware attacks, 1,586 data breaches, and 335 listings for initial network access sold on underground forums in 2025. India consistently ranked among the most targeted nations, alongside South Korea, Singapore, and Japan.
Ransomware Ramps Up Against Critical Sectors
The report highlights that Indian entities, particularly those in critical infrastructure and finance, were subjected to several devastating breaches.
Daksh Nakra, Senior Manager of Research and Intelligence at Cyble, warned that India’s economic growth makes it a prime target. “The convergence of ransomware operations, data brokers, and hacktivist activity calls for stronger cyber defenses and policy intervention,” Nakra stated.
Specific incidents cited in the report underscore the danger:
A major nationwide grocery retail chain was breached in October, exposing over 600,000 customer and employee records, including sensitive Aadhar and bank details.
In January, credentials for an Indian multinational payment system—including access to production databases, source code, and infrastructure—were advertised for sale.
Multiple corporations had 22 terabytes (TB) of sensitive data exposed via compromised Amazon S3 buckets.
The BFSI (Banking, Financial Services, and Insurance) sector was identified as the most heavily targeted globally by ransomware, followed by Manufacturing, IT & ITES, and Government & Law Enforcement. The group Qilin emerged as the primary threat actor in APAC, responsible for 94 attacks—over 20% of the regional total—with a notable concentrated campaign against asset-management firms in September.
Perhaps the most alarming finding is the escalation of the cyber conflict between India and Pakistan-aligned groups following the Pahalgam terror attack and India’s subsequent ‘Operation Sindoor.’
Cyble’s data shows a dramatic increase in malicious activity, recording 1.5 million intrusion attempts originating from Pakistan-aligned Advanced Persistent Threats (APTs). Over 40 hacktivist groups are reportedly engaged in coordinated campaigns, executing DDoS (Distributed Denial of Service) attacks, website defacements, and data breaches against Indian government, industry, and critical infrastructure targets.
This domestic geopolitical hacking is mirrored by wider regional espionage. China-aligned APTs, such as MirrorFace (Earth Kasha) and PlushDaemon, executed highly targeted campaigns against Japan’s government and South Korean supply chains. Taiwan, in particular, continues to be under severe pressure, facing an estimated 2.4 million daily attack attempts.
The data breach figures reveal that the public sector is struggling to cope. Government & Law Enforcement organisations recorded 427 data breach incidents (27 per cent of the regional total) and were the most listed sector for initial network access sales on the black market (54 listings). This suggests a severe vulnerability in sovereign data protection and a fertile market for espionage and illicit trade.
Adding to the security woes, an API flaw in a popular spam-blocking application was found to have exposed the Personally Identifiable Information (PII) of millions of users across India, Pakistan, and Bangladesh, including names, phone numbers, and device tokens, demonstrating the threat posed by consumer software vulnerabilities.
