India tops Cyble’s APAC cyber target list amid ransomware surge

NEW DELHI, INDIA — India has emerged as one of the most targeted countries in the Asia-Pacific region as ransomware attacks, data breaches, and underground cybercrime operations continue to escalate, according to Cyble Inc.’s APAC Threat Landscape Report 2025. 

The study warns that the country’s rapid digital adoption and robust economic activity make it a lucrative target for cybercriminals and state-backed groups.

Ransomware, data breaches hit Indian enterprises

The report highlights a string of high-impact incidents affecting Indian enterprises in 2025. In October, a nationwide grocery retail chain suffered a breach exposing personal data of 600,000 customers and 1,000 employees, including sensitive Aadhaar and banking details. 

Earlier in January, a major Indian multinational payment system was compromised, with unauthorized access to production databases, source code, and infrastructure credentials being offered for sale on underground forums.

Multiple companies also experienced massive data leaks due to misconfigured S3 bucket access, exposing over 22 terabytes of corporate information. 

Additionally, an Indian multinational faced a severe ransomware attack that disrupted IT infrastructure and forced temporary service suspensions.

“India’s rapid digital adoption and strong economic activity have made it a lucrative target for both cybercriminals and state-backed groups,” said Daksh Nakra, Senior Manager of Research and Intelligence at Cyble. 

He added that the convergence of ransomware, data brokers, and hacktivist activity underscores “the urgent need for stronger cybersecurity measures and policy responses.”

Geopolitical and regional cyber threats intensify

The report also details heightened cyber tensions between India and Pakistan following the Pahalgam terror attack and India’s Operation Sindoor. 

Pakistan-aligned advanced persistent threat groups launched approximately 1.5 million intrusion attempts, while more than 40 hacktivist groups conducted DDoS attacks, website defacements, and data breach campaigns targeting government institutions, critical infrastructure, and industry sectors.

Across the broader APAC region, ransomware remained prevalent, with groups such as Qilin, NightSpire, and Dire Wolf targeting banking, financial services, insurance, IT, manufacturing, and government sectors. 

The underground market for initial corporate access also expanded, with 335 listings documented, predominantly affecting government, retail, and BFSI organizations.

Building resilience in India’s IT and BPO services

For India’s outsourcing sector, which handles vast amounts of sensitive corporate and customer data, the rising cyber threat landscape presents both risk and opportunity. 

Strengthening cybersecurity measures is not only essential for protecting clients but also for maintaining India’s competitive edge in IT and BPO services. 

Experts suggest that firms investing in advanced threat detection, robust data governance, and cross-border security collaborations can turn resilience into a market differentiator in an era of increasingly sophisticated cyber threats.