Hacktivists and state-backed cyber attackers have increasingly focused on India, with over 10 per cent of APT attacks in the region directed at the country
India has emerged as the most targeted nation for hacktivist attacks globally and the leading regional target for advanced persistent threat (APT) groups, according to a recent report by cybersecurity firm Group-IB. The country accounted for 12.8 per cent of all hacktivist attacks worldwide in 2024 and was the target of nearly half (49.3 per cent) of all attacks in the Asia-Pacific region.
Political State-Sponsored Attacks On Rise
Hacktivists and state-backed cyber attackers have increasingly focused on India, with over 10 per cent of APT attacks in the region directed at the country. These cyber campaigns are often politically motivated, targeting entities based on India’s diplomatic stance.
“Throughout 2024, politically motivated cyber actors engaged in distributed denial-of-service (DDoS) attacks, website defacements, and large-scale data leaks, targeting entities aligned with geopolitical adversaries,” said Dmitry Volkov, CEO of Group-IB. “India, in particular, emerged as a primary target, as its diplomatic stance on international conflicts provoked retaliatory cyber campaigns from various hacktivist factions.”
As India’s economic and geopolitical influence grows, so does its vulnerability to cyber threats. Cyber fraud targeting Indian citizens has surged by 51 per cent, according to the country’s National Cyber Reporting Platform (NCRP), with nearly half of these attacks originating from three other nations in the region.
Financial Utilities Sectors Under Fire
Beyond hacktivism, India has seen a sharp rise in cyberattacks on its financial and utilities sectors. According to managed application security provider Indusface, application attacks increased by 20 per cent last year, with attacks on vulnerabilities nearly doubling and bad bot-driven threats rising by 48 per cent.
The surge in bad bot activity is particularly concerning as these attacks are often detected only after behavioural models identify them as malicious, said Venkatesh Sundar, founder and president of the Americas for Indusface. “Hacktivists or APTs have limited methods to infiltrate systems, so as long as the basics are done well, it should work” to protect digital assets, he said. “That said, security is like securing a house, and you need multiple locks so that if one lock fails, the other protects.”
Cybersecurity Shift Toward Digital Isolation
With geopolitical tensions escalating, cyberattacks for financial gain, intelligence gathering, and political motives are expected to rise in 2025, Group-IB warned. State-sponsored cyberattacks are likely to target critical infrastructure, government systems, and private businesses.
China, India’s regional rival, has already begun investing in its own domestic technology to “de-globalise” its infrastructure. This trend towards digital isolation could reduce foreign cyber threats but may also fragment the internet, leading to national networks with unique regulations and security measures.
“In this environment, some nations, or coalitions of countries, may choose to de-globalise their digital infrastructure, creating isolated networks that are less susceptible to foreign interference,” Group-IB’s report stated. “While this fragmentation of the Internet could result in a patchwork of national networks—each with its own regulations and security protocols—[it] could complicate international relations and pose significant challenges for organisations operating across borders.”
The growth of hacktivism has further fuelled cyberattacks on India. Hacktivist groups—both domestic and international—have engaged in cyber warfare as part of global conflicts, including Russia-Ukraine and Israel-Palestine. Pro-Palestinian hacktivists, for example, have frequently targeted India due to its diplomatic stance and growing ties with Israel.
Indian Organisations Strengthen Cyber Defences
To counter these threats, Indian government agencies and private enterprises have introduced stringent cybersecurity guidelines tailored to different industries, including stock exchanges, financial institutions, payment operators, and insurers.
“The industry bodies are coming up with new cybersecurity guidelines almost every [quarter],” said Indusface’s Sundar. “All of this is in addition to security accreditations that these companies already do.”
Companies are being advised to map their external attack surfaces, eliminate outdated applications and APIs, conduct regular vulnerability scans, and integrate security checks into their software development pipelines. Virtual patching is also being recommended when immediate updates are not feasible.
Furthermore, organisations are leveraging artificial intelligence to monitor network activity, detect anomalies, and preemptively block cyberattacks. As India continues to solidify its position as a regional power, robust cybersecurity measures will be critical to safeguarding its digital assets and national security.
