Throughout the APAC region, Cyble recorded a staggering 456 ransomware attacks, 1,586 reported data breaches, and 335 instances of initial access listings. India consistently emerged among the most attacked nations, alongside South Korea, Singapore, Japan, Taiwan, and Thailand. Daksh Nakra, Senior Manager of Research and Intelligence at Cyble, commented that India’s swift digital transition, coupled with robust economic growth, has made it an appealing target for both independent cybercriminals and state-sponsored groups. He further emphasized the urgent requirement for enhanced cybersecurity infrastructure and policy responses, particularly given the intersection of ransomware, data brokerage, and hacktivism.
Significant Cyber Incidents Impacting Indian Organizations
Indian enterprises faced numerous high-stakes cyber incidents during 2025. A notable breach in October compromised the personal data of 600,000 customers and 1,000 employees from a major grocery retail chain, revealing sensitive information, including Aadhaar and banking details.
Earlier in January, a prominent Indian multinational payment service was breached, leading to unauthorized access to production databases and source code, all of which were subsequently listed for sale on underground forums. Additionally, multiple organizations reported leaks of their corporate datasets due to vulnerabilities in S3 bucket access, exposing over 22 terabytes of sensitive data. Another significant incident involved a severe ransomware attack that disrupted the IT infrastructure of an Indian multinational, necessitating a temporary halt in services.
Intensified Cyber Conflict Between India and Pakistan
The cyber conflict between India and Pakistan escalated following the Pahalgam terror attack and India’s subsequent Operation Sindoor. Cyble noted that groups aligned with Pakistan launched approximately 1.5 million intrusion attempts against Indian systems. More than 40 hacktivist organizations executed a range of attacks, including Distributed Denial-of-Service (DDoS) operations and data breach campaigns, severely affecting government entities and critical infrastructure throughout India.
Regional API Vulnerability Compromises User Data
A severe insecure direct object reference (IDOR) vulnerability identified in a widely used spam-blocking application exposed personally identifiable information of users in India, Pakistan, and Bangladesh. The breach compromised data including full names, phone numbers, email addresses, and device tokens, potentially endangering millions of users.
Ransomware Activity Across APAC Remains Significant
Ransomware incidents remained frequent in the APAC region, with the Qilin group responsible for 94 of the reported 456 attacks, or 20.6 percent of all incidents. The banking, financial services, and insurance sectors were particularly hard-hit, as attackers concentrated their efforts on asset-management firms in September. Other notable actors included NightSpire, Dire Wolf, and The Gentlemen.
The most frequently targeted industries included Banking, Financial Services, and Insurance (BFSI), manufacturing, IT and IT-enabled services, and government.
Data Breaches Surge Throughout the Region
The APAC region experienced an alarming total of 1,586 data breaches in 2025. Government and law enforcement sectors alone accounted for 427 of these incidents, or 27 percent of the total, followed by the education sector with 192 reported breaches and the BFSI sector with 155.
Expansion of the Underground Access Market
The underground economy for corporate access flourished, with Cyble documenting 335 initial access listings in 2025. Government and law enforcement agencies were the most frequently targeted, with 54 listings recorded, followed by retail and BFSI sectors.
Geopolitical Espionage in the APAC Region
Increasing activity from China-aligned advanced persistent threat groups was reported. The actor known as MirrorFace carried out targeted campaigns against critical sectors in Japan, utilizing various sophisticated tools. Meanwhile, UNC3886 focused its attention on the infrastructure of essential organizations across Singapore. The ongoing geopolitical tensions also led to approximately 2.4 million cyberattack attempts daily against Taiwanese systems.
Surge in Hacktivist Incidents
In 2025, APAC recorded over 400 hacktivist incidents, accompanied by 1,162 data leak posts. These instances included widespread DDoS operations and website defacements, impacting over 7,000 domains in sectors such as government, BFSI, technology, and education.
The report illustrates a landscape of escalating threats that demand immediate strategic responses from organizations to fortify their cybersecurity posture. From state-sponsored threats to burgeoning hacktivism, the urgency for robust defenses and comprehensive policy frameworks has never been clearer.