Unveiling India’s Cyber Threat Landscape: Data, Trends, and Resilience

As India experiences rapid digital growth across various sectors, it has become an increasingly attractive target for cyber threats. From government and finance to healthcare and telecommunications, Indian industries are widely adopting digital solutions, exposing them to unique security challenges.

With accelerated digital transformation and the expansion of online services, the country faces a rising tide of vulnerabilities to cyberattacks. This report provides an in-depth analysis of India’s threat landscape, offering organizations actionable intelligence to strengthen their defenses and ensure a secure and resilient digital environment for individuals and enterprises across the nation.

India Threat Landscape Report

Key Insights

According to the dark web forums monitored by SOCRadar, Educational Services are the most targeted industry, with 15.8% of all posts. The publicadministration industry takes second place with 11.96% of the posts, and information was third with 8.58% of all the dark web forum posts.

Threat actors targeting India mostly published free content (data leaks, tools, etc.). The sharing category is in first place with 50,99% of all the posts from dark web forums, followed by Hack Announcements, which comprises 26,86% of the posts from dark web forums. In third place, we have Selling, with 22,02% of the posts.

When we look at the type of information published on dark web forums, we see that Databases take the first spot with 55,73% of all the posts. The second most popular type of information threat actors share is content related to Website attacks (defacements, DDoS attacks, etc.), with 30,45% of the posts. Lastly, we have posts related to Access (sales/shares, etc.), which takes 12,1% of the posts.

The most targeted industry by ransomware groups was the Manufacturing industry, with 30.14% of all attacks. The information industry took the second spot with 10,96% of the attacks, and Professional, Scientific, and Technical Services was the third one with 6,85% of the attacks.

Our analysis shows that the most active ransomware group targeting India was LockBit 3.0, which is responsible for 61,8% of all the attacks. The second most active group was the KillSec, with 21,8% of all the attacks. In the third place, we have Stormous with 16,4% of all the ransomware attacks targeting India.

SOCRadar Analysts detected 497.913 exposed credentials among stealer logs, most belonging to Indian citizens.
The Information Services industry faced the most phishing attacks with 23,44% of the total attempts. Telecommunications industry was on the second spot with 13,13% of the attacks and National Security & International Affairs was targeted with 11,88%. National Security & International Affairs shares the third spot with Banking industry.

Why You Need This Report

Our comprehensive analysis is built on a combination of open-source intelligence and proprietary research. By understanding these insights, stakeholders can: