Executive Summary
The Asia-Pacific region is currently facing a heightened cyber threat landscape characterized by persistent ransomware attacks and sophisticated state-sponsored cyber espionage. India, in particular, has emerged as a primary target for ransomware, with recent incidents affecting major manufacturing and electronics firms. China-linked advanced persistent threat (APT) groups are actively targeting critical infrastructure and government entities across Southeast Asia for intelligence gathering, deploying new custom backdoors. The continuous disclosure and active exploitation of critical vulnerabilities, including zero-days, underscore the urgent need for robust patching and enhanced defensive measures across the region.
Sources: 58 web sources analyzed
Active Threats: 5 campaigns
Bajaj Auto Ransomware Attack (HIGH; ransomware)
Bajaj Auto and its subsidiary, Bajaj Auto Technology Ltd (BATL), experienced a ransomware attack on June 23, 2026, affecting their systems. The company initiated response protocols and reported the incident to CERT-In.

Tata Electronics Cyberattack (HIGH; data breach, ransomware)
Tata Electronics confirmed a cybersecurity incident in the days before June 24, 2026, which allegedly led to the leak of over 630 GB of data, including documents linked to Apple and Tesla.

CL-STA-1062 Southeast Asia Critical Infrastructure Campaign (CRITICAL; espionage, APT)
A China-linked threat group, CL-STA-1062, has been actively targeting critical infrastructure providers and government organizations in Southeast Asia, deploying a new backdoor tool named TinyRCT. Palo Alto Networks reported on this activity cluster, which has been ongoing over the past year, with analysis published on June 25, 2026.

cPanel/WHM Active Exploitation (CRITICAL; active exploitation)
The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) is aware of active exploitation of a critical vulnerability affecting cPanel/WebHost Manager (CVE-2026-4194).

ClickFix Social Engineering Campaign (HIGH; phishing, malware)
Threat actors are targeting Australian networks using a social engineering technique called ClickFix to distribute malware through compromised WordPress websites.
APT Tracker
| Group | Attribution | Recent Activity | TTPs |
|---|---|---|---|
| CL-STA-1062 (UAT-7237) | China | This group has expanded operations from Taiwan to successfully target critical infrastructure and government entities in Southeast Asia, including el… | |
| Mustang Panda (Camaro Dragon, Earth Preta, Stately Taurus) | China | Mustang Panda conducted two concurrent cyber espionage campaigns between June 12 and June 22, 2026, targeting Indian government entities and the hydr… | Spear-phishing; DLL side-loading; legitimate cloud service abuse (Zoho WorkDrive); custom malware (SHARDLOADER |
Vulnerability Alerts
CVE-2026-55200 (CRITICAL; libssh2)
An anonymous researcher disclosed a critical pre-authentication remote code execution vulnerability in libssh2 on June 30, 2026, which is already being actively exploited. A fix has been merged for this flaw.

CVE-2026-20896 (HIGH; self-hosted Gitea Docker deployments)
An authentication bypass vulnerability in self-hosted Gitea Docker deployments was disclosed on June 30, 2026, allowing attackers to impersonate users and take over Git servers. Patches have been released by Gitea.

CVE-2026-4194 (CRITICAL; cPanel/WebHost Manager)
A critical vulnerability affecting cPanel/WebHost Manager is currently being actively exploited, as reported by the Australian Cyber Security Centre.

CVE not assigned (CRITICAL; Oracle E-Business Suite)
A critical bug in Oracle E-Business Suite is actively being exploited, with a report on its exploitation published on June 30, 2026.

Multiple, undisclosed (CRITICAL/HIGH; various software products and open-source projects)
An anonymous researcher, "bikini," publicly released exploit code on June 30, 2026, for zero-day vulnerabilities affecting at least 15 software products and open-source projects, with some already actively exploited.
Country Cyber Posture
| Country | Threat Level | Assessment | Recent Incidents |
|---|---|---|---|
| China | CRITICAL | China maintains a highly advanced and active cyber warfare capability, frequently engaging in sophisticated espionage and pre-positioning operations against critical infrastructure and government entities across the APAC region. | Earth Preta targeting APAC government agencies; Earth Baxia establishing persistence in Taiwanese government infrastructure. |
| Japan | HIGH | Japan faces persistent cyber espionage threats, particularly from China-aligned APT groups, and is impacted by the broader regional surge in financial sector attacks. | Earth Kasha (APT10) spear-phishing attacks against government and research institutions. |
| South Korea | CRITICAL | South Korea experiences a high volume of cybersecurity breaches, with a significant increase in AI-powered attacks and persistent threats from North Korea-linked actors targeting military, diplomatic, and critical infrastructure. | 2,383 cybersecurity breaches reported in 2025; "Korean Leaks" data heist impacting the financial sector via an MSP in 2025. |
| North Korea | CRITICAL | North Korea poses a severe and pervasive cyber threat, primarily focused on large-scale cryptocurrency theft and sophisticated AI-powered spear-phishing to fund its WMD programs. | Record $2 billion in cryptocurrency stolen in 2025, including $1.46 billion from the Bybit exchange; increased use of AI-powered deepfake techniques in spear-phishing campaigns. |
| Taiwan | CRITICAL | Taiwan is a primary target for China-linked APT groups, facing millions of daily intrusion attempts against critical infrastructure and significant risks from ransomware, supply chain weaknesses, and social engineering. | 2.63 million daily intrusion attempts against critical infrastructure in 2025; 726 cybersecurity incidents involving government agencies in 2025. |
| Philippines | CRITICAL | The Philippines faces an unprecedented surge in cyber threats, with all organizations impacted by supply chain vulnerabilities and government systems increasingly targeted amid geopolitical tensions. | 100% of organizations experienced cybersecurity incidents linked to supply chain vulnerabilities in 2025; data breaches exposed over 52 million credentials in Q3 2025. |
| Vietnam | MEDIUM | Vietnam's cybersecurity posture is challenged by regional threat trends, including the presence of DPRK IT workers engaged in illicit activities, and general increases in cybercrime. | DPRK IT worker networks operating within Vietnam for money laundering and illicit activities. |
| Indonesia | HIGH | Indonesia experienced a 714% increase in cyberattacks in 2025, with 5.5 billion attacks targeting government, economy, and national security, driven by ransomware and supply chain compromises. | 5.5 billion cyberattacks in 2025; ransomware attack crippled the interim national data center in June 2024, disrupting public services. |
| Singapore | HIGH | Singapore, as a global digital hub, faces an aggressive and complex threat landscape characterized by a high volume of ransomware attacks, significant third-party risks, and APT activity targeting critical infrastructure. | Over 130 major cyber incidents recorded in 2025, with ransomware accounting for 58%; attempted cyber intrusion by APT actor UNC3886 targeting four major telecommunications operators in 2025. |
| Thailand | HIGH | Thailand's cyber risk environment is deteriorating, with cyber incidents ranked as the top business risk, over 3,200 attacks per week, and a high volume of ransomware incidents. | Over 109,000 ransomware-related attacks in 2025; Ministry of Labor breach in July 2025, leaking 300 GB and a $15 million ransom note. |
| Malaysia | HIGH | Malaysia faces a substantial increase in cyber incidents, with government and critical sectors targeted by sophisticated APT groups for espionage and financially motivated cybercrime. | Earth Longzhi targeting energy, telecommunications, and government sectors; APT41 targeting banking institutions and healthcare providers via supply chain compromises. |
| Myanmar | MEDIUM | Myanmar's cybersecurity posture is likely challenged by regional cybercrime trends, including ransomware and social engineering, as highlighted in broader APAC threat assessments. | No specific recent incidents found in provided snippets for 2025-2026. |
| Cambodia | MEDIUM | Cambodia's cybersecurity landscape is influenced by regional cybercrime activities and has been identified as a location for DPRK IT workers involved in illicit financial operations. | DPRK IT worker networks operating within Cambodia for money laundering and illicit activities. |
| Mongolia | MEDIUM | Mongolia's cybersecurity posture is likely exposed to the general increase in cyber threats across the APAC region, including ransomware and phishing campaigns. | No specific recent incidents found in provided snippets for 2025-2026. |
| Brunei | MEDIUM | Brunei's cybersecurity posture is likely subject to the evolving regional threat landscape, including opportunistic cybercrime and sophisticated social engineering tactics. | No specific recent incidents found in provided snippets for 2025-2026. |
Sector Threat Matrix
Government (CRITICAL)
Government entities across APAC are under constant assault from nation-state APTs seeking espionage and pre-positioning, alongside widespread ransomware and data breach incidents.
- Nation-state espionage (e.g., China-aligned APTs)
- Ransomware and data exfiltration

Finance & Banking (CRITICAL)
The APAC financial sector is the world's most targeted, facing an escalating wave of cyberattacks, including a surge in DDoS, AI-driven fraud, and record-breaking cryptocurrency theft.
- Layer 7 DDoS attacks
- AI-driven fraud and botnets
- Cryptocurrency theft by nation-state actors

Energy & Utilities (HIGH)
This sector is a prime target for nation-state APTs aiming for strategic intelligence collection and potential sabotage, with incidents involving hardware/software vulnerability exploitation and ransomware.
- State-sponsored espionage and sabotage
- Supply chain compromises
- Ransomware

Telecommunications (HIGH)
Telecommunications infrastructure is frequently targeted by APT groups for strategic communications espionage and infrastructure access, alongside significant hacking incidents and DDoS attacks.
- APT-led espionage and persistent access
- DDoS attacks
- Hardware and software vulnerability exploitation

Defense & Military (HIGH)
Defense and military targets are consistently subjected to cyber-espionage by nation-state actors, particularly North Korea, seeking sensitive information and intellectual property for WMD development.
- Cyber-espionage for WMD and ballistic missile development
- AI-powered spear-phishing campaigns

Healthcare (HIGH)
The healthcare sector faces significant risks from ransomware deployment and data breaches, with APT groups also targeting it for intelligence collection.
- Ransomware attacks (e.g., compromising hospital operations)
- Data breaches exposing sensitive patient information

Technology (HIGH)
The technology sector is a frequent target for APT groups and financially motivated cybercriminals, facing threats from supply chain vulnerabilities, intellectual property theft, and ransomware.
- Supply chain attacks
- Intellectual property theft
- Ransomware-as-a-Service operations
Cyber News Feed
Last 7 days
- Dewan Rakyat passes Cybercrime Bill to strengthen enforcement and protect digital users in Malaysia
- Selangor confirms Flexi Parking cyberattack, suspends parking summons during outage
- Cybercrimes Bill must clarify how seized personal data will be handled, says MP
- What risks are involved in visiting Roja Directa and Tarjeta Roja to watch United States vs. Bosnia and Herzegovina
- Singpass launches iPhone passkey logins from Jul. 1
- Warning of possible infiltration of Russian propaganda into artificial intelligence systems
- Aflac Japan reports data breach affecting over 4 million customers
- Systems infected by malware in S’pore more than double in 2025: CSA
- MOH shuts down own website temporarily after cyber scare, says patient data safe
- South Africa: Live Report - Tracking the Disinformation Circulating During Anti-Migrant Protests in South Africa
- iPhone 18 secrets spill onto the dark web
- When the most famous hacker of the '90s gave a Porsche to the man who sent him to prison
- Lei Falcão, at 50, marked a gag on electoral advertising before the challenge of social media
- Lula releases R$520 million for advertising ahead of the election, more than double Bolsonaro's in 2022
- Roja Directa to watch Mexico vs. Ecuador: the web address you should avoid in your browser
Incident Log
Last 30 days
No incidents logged yet.