An article by: Dr. Shekhar A Pawar
SecureClaw’s Annual Global Cyber Threat Report 2025 reveals a significant increase in industry-targeted cyberattacks globally. It notes that India’s rapidly growing digital economy, fuelled by cloud adoption and fintech advances, has also left Indian companies more exposed to cybercriminals and state-sponsored threats. The diagram breaks down the categories of cyberattacks impacting Indian businesses, highlighting ransomware campaigns, financial data theft, and advanced persistent threats (APTs) aimed at espionage. It underscores the urgency of strengthened defense mechanisms and proactive intelligence sharing amid India’s swift digital transformation. The analysis is backed by incidents from research and media reports within India and the broader APAC region.
Ransomware: India’s Most Disruptive Cyber Threat
Ransomware has become the most destructive cyber menace confronting Indian organizations. Exploiting vulnerabilities across Linux, Windows, VMware ESXi, and Remote Desktop Protocol (RDP) systems, attackers encrypt critical data and demand ransom payments to restore access.
Among the most significant ransomware campaigns are 01flip, Kraken, Makop, Medusa, Qilin, and Scattered Lus$. The 01flip Ransomware has impacted various sectors including cloud services, finance, government, healthcare, and manufacturing, demonstrating its ability to affect Linux servers, Windows endpoints, and VMware ESXi hypervisors. The resulting consequences include severe disruptions such as cloud service outages and halted financial transactions. Kraken Ransomware targets a wide range of organizations, particularly India’s Micro, Small, and Medium Enterprises (MSMEs), by exploiting virtualized environments and cloud workloads, which are vital to the country’s digital economy. This puts many small businesses at risk of significant financial and reputational losses due to their often-insufficient defenses.
Makop Ransomware preys on organizations with inadequate RDP configurations, locking them out of essential systems in sectors like finance, government, and healthcare, which points to the dangers posed by misconfigured remote access in a hybrid work environment. The healthcare sector continues to be a prime target, with Medusa Ransomware compromising public health portals and threatening patient data and service delivery. Qilin Ransomware has also breached government databases, while Scattered Lus$ Ransomware has disrupted IT operations in automobile manufacturing, revealing weaknesses in India’s industrial supply chains. Collectively, these campaigns demonstrate how attackers exploit various vulnerabilities to disrupt critical services, extort payments, and undermine trust in the digital infrastructure of India.

Malware and Infostealers: The Silent Theft of Data
Beyond ransomware, India is experiencing a significant increase in malware campaigns aimed at stealing credentials, financial information, and cryptocurrency assets. Agent Tesla malware, often distributed via movie torrent files, and DarkComet RAT, targeting cryptocurrency tools, exemplify the threats facing the financial services sector. The versatile HelloTDS malware family compromises various institutional environments, while JSCEAL Infostealer focuses on harvesting credentials from Windows systems. Additionally, LeakyInjector and LeakyStealer specifically attack crypto wallets and financial platforms, and LNK malware exploits malicious shortcut files for persistent access. These infostealers operate covertly, siphoning assets over time without alerting victims, in sharp contrast to the overt nature of ransomware attacks.
Data Breaches and Financial Attacks
India has faced a growing wave of data breaches and financial fraud incidents, exposing vulnerabilities across critical sectors. Research archives in the marine industry, CRM systems within insurance firms, and Salesforce platforms in enterprise IT have all been compromised. Such intrusions jeopardize sensitive research, customer records, and corporate data – eroding trust and challenging regulatory compliance.
On the financial front, fraudsters have exploited email systems in laboratories and carried out financial theft against servers in cryptocurrency exchanges. These incidents highlight the dual objectives of cybercriminals: stealing intellectual property while simultaneously siphoning funds.
For India’s rapidly expanding digital economy, these breaches represent not only financial and operational risks but also significant reputational damage and regulatory consequences.
APT: Espionage and Strategic Disruption
India faces escalating threats from state-sponsored Advanced Persistent Threat (APT) campaigns aimed at espionage and destabilization of critical sectors. Notable APT groups include APT32 (OceanLotus), which has targeted manufacturing and transportation networks through malicious document tactics, and APT-C-35 (DoNot), focusing on defense and government server compromises. Additional groups such as FoxKitten, Homeland Justice, OilRig, and MuddyWater also utilize document-based exploits to penetrate similar systems. Ink Dragon has targeted IIS web servers within government entities, exploiting system vulnerabilities to access sensitive infrastructure. These APT operations are distinguished by their long-term objectives, which prioritize espionage, intellectual property theft, and strategic disruption over immediate financial gain. Given India’s ambitions to become a global manufacturing hub and a digital leader, these threats pose significant national security risks, necessitating enhanced vigilance, robust defenses, and coordinated counteractions.
Other Attack Vectors
India’s cyber threat landscape extends far beyond ransomware and malware, showcasing the growing ingenuity of adversaries. Emerging techniques such as AI Browser Paywall Bypass exploit AI-driven browsers to circumvent digital publisher paywalls, while Adversary-in-the-Middle (AiTM) attacks on Microsoft 365 and Okta enable attackers to steal authentication tokens and bypass multifactor authentication.
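An AiTM phishing proxy lets the victim complete MFA normally and then replays the resulting session token from the attacker's own infrastructure. One observable trace of this is the same session identifier appearing from a different network (ASN) shortly after the MFA step. The following detection script is an added example, not part of the report or of any vendor's tooling; the sign-in log is constructed and its field names (`ts`, `user`, `session`, `ip`, `asn`, `mfa`) are this example's own assumptions, not the export schema of Microsoft 365 or Okta.

```python
"""Flag probable session-token replay (AiTM) in sign-in logs.

Rule: within a session, find the event where MFA was satisfied; any later
event in the same session within WINDOW that comes from a different ASN is
reported as a suspected token replay. Same-ASN IP changes (mobile roaming)
and sessions with no MFA step are not flagged.
"""
import json
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample sign-in log (JSON lines). Not real data; addresses are
# from documentation ranges and the field names are assumptions of this example.
SAMPLE_LOG = """\
{"ts": "2025-03-01T09:00:00", "user": "a.sharma@example.in", "session": "S1", "ip": "203.0.113.10", "asn": "AS64500", "mfa": true}
{"ts": "2025-03-01T09:03:00", "user": "a.sharma@example.in", "session": "S1", "ip": "198.51.100.77", "asn": "AS64511", "mfa": false}
{"ts": "2025-03-01T10:00:00", "user": "r.iyer@example.in", "session": "S2", "ip": "203.0.113.20", "asn": "AS64500", "mfa": true}
{"ts": "2025-03-01T10:20:00", "user": "r.iyer@example.in", "session": "S2", "ip": "203.0.113.21", "asn": "AS64500", "mfa": false}
{"ts": "2025-03-01T11:00:00", "user": "p.nair@example.in", "session": "S3", "ip": "203.0.113.30", "asn": "AS64500", "mfa": false}
"""

# How long after the MFA step a network change is still treated as suspicious.
WINDOW = timedelta(minutes=30)


def parse_events(text: str) -> List[dict]:
    """Parse JSON-lines sign-in records, converting timestamps to datetime."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def find_token_replay(events: List[dict], window: timedelta = WINDOW) -> List[dict]:
    """Return one alert per (user, session) whose token is reused from a new ASN."""
    by_session: Dict[Tuple[str, str], List[dict]] = {}
    for ev in events:
        by_session.setdefault((ev["user"], ev["session"]), []).append(ev)

    alerts = []
    for (user, session), evs in by_session.items():
        evs.sort(key=lambda e: e["ts"])
        # The event that completed MFA anchors the "trusted" network for the session.
        mfa_ev = next((e for e in evs if e["mfa"]), None)
        if mfa_ev is None:
            continue  # no MFA step recorded; rule does not apply
        for ev in evs:
            if ev["ts"] <= mfa_ev["ts"]:
                continue
            if ev["ts"] - mfa_ev["ts"] > window:
                break  # events are sorted, later ones are outside the window too
            if ev["asn"] != mfa_ev["asn"]:
                alerts.append({
                    "user": user,
                    "session": session,
                    "mfa_ip": mfa_ev["ip"],
                    "replay_ip": ev["ip"],
                    "minutes": (ev["ts"] - mfa_ev["ts"]).total_seconds() / 60,
                })
                break  # one alert per session is enough
    return alerts


if __name__ == "__main__":
    for alert in find_token_replay(parse_events(SAMPLE_LOG)):
        print(f"suspected token replay: {alert}")
```

Running the block reports only session S1, where the token issued after MFA from AS64500 is used three minutes later from AS64511. In production the ASN would come from the identity provider's enrichment or a GeoIP lookup, and the alert should feed a session-revocation playbook; the durable fix is phishing-resistant MFA (FIDO2/WebAuthn binds the origin into the authentication, so a proxy on a look-alike domain cannot complete it).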
At the same time, social engineering and system intrusion campaigns continue to prey on human trust and technical vulnerabilities across the APAC region. Weakly secured web applications remain a common gateway for attackers, providing easy access to enterprise systems.
Collectively, these attack vectors highlight how cybercriminals exploit both technological flaws and human weaknesses to achieve disruption, theft, and long-term control.
Implications for Indian Industry
The increasing range of cyberattacks poses significant threats to Indian industries, particularly targeting core sectors such as cloud services, finance, government, healthcare, manufacturing, and the SMB/MSME network. Attackers utilize various tactics, including ransomware and credential-stealing malware, leading to a complex threat landscape. The impacts include disruption of essential services, intellectual property theft, and diminished trust in digital systems, which jeopardizes economic growth and social stability. MSMEs are especially vulnerable due to inadequate cybersecurity measures. Moreover, state-sponsored APT campaigns against sectors like defense and manufacturing highlight the geopolitical risks of cyberattacks, posing dangers to national security and strategic goals.
Prevention is Better Than Cure
Strengthening cybersecurity necessitates proactive prevention measures. Organizations can enhance resilience by implementing strategies such as regular offline or immutable cloud backups, automating patch management, and adopting a Zero Trust architecture with stringent access controls and multi-factor authentication. Employee awareness and training are essential to mitigate risks from phishing and social engineering attacks. Advanced defenses like endpoint protection, continuous monitoring, and AI-driven EDR solutions facilitate early detection and containment of threats. For MSMEs, the BDSLCCI framework provides a cost-effective roadmap to enhance supply chain security, ensure compliance, and bolster stakeholder trust. In India, the Indian Computer Emergency Response Team (CERT-In) plays a vital role by offering advisories and threat intelligence, which are crucial for maintaining compliance with national cybersecurity standards.