APAC Intelligence Insights Report, February 2026

Monthly intelligence on ransomware, hacktivism, infostealers and financial fraud curated by Group-IB’s Threat Intelligence team from across the Asia-Pacific region.

Group-IB’s February 2026 Intelligence Insights provide a deep dive into four critical pillars: ransomware, hacktivism, compromised accounts and financial fraud.

Unlike aggregated open-source reports, this intelligence is drawn directly from Group-IB’s proprietary telemetry, dark web monitoring and infostealer tracking.

Key Findings & APAC Cybersecurity Trends in February 2026

The Gentlemen Surge as Ransomware Ticks Upward.

Group-IB recorded 58 ransomware incidents in February 2026 - a 7.41% increase from January 2026. The Gentlemen dominated with 29 attacks, while Qilin scaled back by 37.5%. India led targeted countries, followed by Thailand, Australia and Taiwan. Manufacturing remained the primary sector, absorbing nearly 27% of all incidents. Singapore-based firms APRO, Perpetuuiti Technosoft and Obsidian Tech Labs were among confirmed victims.

Adversary of the Month: The Gentlemen.

The most prolific ransomware group in APAC for the second consecutive month. Operating without a traditional affiliate panel, distributing tools via Tox messenger, and running a Tor-based leak site, the group is expanding its reach across nine APAC countries and actively developing new Linux and ESXi variants with reported AI assistance.

Thailand Becomes the DDoS Epicentre.

DDoS and hacktivist activity surged 161% to 324 incidents, with Thailand absorbing 267 attacks. RipperSec led all threat groups at 39.7% of incidents, with government and military infrastructure accounting for 50% of all targeted activity. Transportation and education were also significantly affected.

Tax Season, Trusted Brands, and a $2 Million Fraud Campaign Targeting Indonesia.

GoldFactory's fraud campaign exploited the 2026 Indonesian tax season, impersonating the official Coretax platform to target 67 million residents. Using phishing, WhatsApp social engineering and malicious APK sideloading, the campaign abused over 16 trusted government and financial brands, resulting in an estimated USD 2 million in nationwide losses. Singapore saw parallel breaches, with threat actors "Montaro" and "HighRisk" leaking data from Noel Gifts International and Carousell respectively on dark web forums.

Google's Own Infrastructure Turned Against APAC Organisations.

The GTFire phishing campaign abused Google Firebase and Google Translate to host and disguise malicious login pages, bypassing traditional security filters by exploiting trusted cloud domains. The operation impacted over 1,000 organisations across 100 countries.

Frequently asked questions

What are the top ransomware threats in APAC in February 2026?

The Gentlemen is the dominant group, executing 29 attacks — a 262.5% increase from January and the highest output of any single group in the region for the second consecutive month. Qilin remains active with 10 incidents. India and Thailand are the most targeted countries, manufacturing is the hardest-hit sector at 27% of all incidents, and Singapore saw three confirmed ransomware victims in February.

Which countries in Asia-Pacific are most targeted?

For ransomware, India leads with 18 incidents, followed by Thailand (14), Australia and Taiwan (8 each). For DDoS and hacktivism, Thailand experienced a dramatic spike with 267 of the 324 total incidents recorded. For infostealer-driven account compromise, India accounts for 34.7% of the regional total, with Indonesia, Bangladesh and Vietnam also heavily affected. For bank card fraud, India (23.8%), Malaysia (13.9%), and Japan (12.4%) are the primary targets.

How are infostealers affecting APAC in February 2026?

Vidar remains the dominant infostealer family, responsible for nearly half of all 2,337,460 compromised accounts recorded. The 61.37% month-on-month decline in total volume reflects a data normalisation following a new source onboarded in January 2026, not a genuine reduction in threat activity. India, Indonesia, Bangladesh and Vietnam are the most heavily affected countries.

What regional threats does this report cover?

February’s report documents several significant APAC-specific incidents: GoldFactory’s tax-season fraud campaign in Indonesia causing estimated losses of USD 2 million; the GTFire phishing campaign abusing Google Firebase and Google Translate at scale across 100 countries; Chinese MSS disclosures about foreign intelligence operatives infiltrating professional platforms like WeChat and DingTalk; and the GhostBat Android malware campaign targeting Indian users through fake banking and government applications to steal UPI PINs and Aadhaar numbers while covertly mining cryptocurrency.

Who Should Read This Report

This free report is an essential 15-minute read for APAC Security and Risk Professionals:

Chief Information Security Officers (CISOs), Chief Information Officers (CIOs) and Heads of Security.

Fraud, Risk and Compliance Leaders.

Government and Law Enforcement Professionals.

Security Operations Center (SOC), Incident Response (IR) and Threat Intelligence (TI) Teams.

Board Level and Executive Decision Makers.

If you are responsible for protecting digital assets, customers or national infrastructure in APAC, this report is for you.