India and the broader Asia-Pacific region continue to face heightened ransomware and cyberattack activity, according to Cyble’s Monthly Threat Landscape Report: July 2025. The report highlights a consistent rise in cyber intrusions, with India recording critical cases of ransomware and data theft across key industries.
Key Findings – India & Asia
- Industrial sector under attack: The Warlock ransomware group leaked HR, financial, and design archives from an India-based manufacturing firm.
- Dark Web leaks: Data from two Indian firms — a technology consulting platform and a SaaS provider — surfaced on cybercrime forums, exposing customer records, payment data, and IP logs.
- Telecom breach for sale: Hackers offered unauthorised access to an Indian telecom company’s infrastructure, including credentials and CLI access, priced at US$35,000.
- Regional hotspots: Thailand, Japan, and Singapore led Asia’s ransomware victim tally with six each, followed by India and the Philippines.
- Hacktivism spike: India-linked Team Pelican Hackers targeted two major Pakistani institutions, leaking sensitive academic and R&D datasets.
Global Highlights
- 423 ransomware victims worldwide in July 2025; over half (223) were in the U.S.
- Qilin ransomware dominance: 73 global victims (17%), followed by INC Ransom (59).
- Critical infrastructure at risk: Over 1,000 daily cyberattacks tracked on U.S. ICS/OT systems; UK, Vietnam, China, Singapore, and Hong Kong also heavily targeted.
- Hacktivism persists: Pro-Russian campaigns disrupted European entities, while Aeroflot and Taiwanese energy systems faced major breaches.
- Zero-day trade surges: Exploits for WinRAR and VPNs actively sold on dark web markets, priced at USD $80,000 to 1 BTC.
Expert Insight
“India’s manufacturing, telecom, and SaaS sectors are fast-emerging prime targets for ransomware groups and dark web actors. As adversaries innovate with new variants and attack vectors, Indian enterprises must strengthen resilience by prioritising vulnerabilities, securing supply chains, and protecting critical infrastructure,” said Daksh Nakra, Senior Manager – Research & Intelligence, Cyble.
