APAC Intelligence Insights Report, January 2026


Monthly intelligence on ransomware, hacktivism, infostealers, and financial fraud across the Asia-Pacific region — curated by Group-IB’s Threat Intelligence team.

The Asia-Pacific region remains a primary target for the world’s most motivated threat actors. Group-IB’s January 2026 Insights provides a deep dive into four critical pillars: ransomware, hacktivism, compromised accounts, and financial fraud.

Unlike aggregated open-source reports, this intelligence is drawn directly from Group-IB’s proprietary telemetry, dark web monitoring, and infostealer tracking. Whether you are a CISO or a SOC analyst, this report provides the primary research needed to move from reactive to proactive defense.

Key Findings & APAC Cybersecurity Trends in January 2026

Ransomware Activity Falls 46%, but Malaysia Emerges as the New Primary Target

Malaysia overtook India and Thailand to become the top-targeted country globally. India and Japan saw the sharpest declines, down 61% and 66% respectively from December 2025 figures. Taiwan and China also featured among the most targeted nations.

Adversary To Watch: The Gentlemen

The only major ransomware group to increase activity month-on-month in January 2026.

Geopolitically Motivated Groups Remain Active

Hacktivist groups are shifting focus towards education and healthcare - ‘soft targets’ with high public visibility and limited defensive resources.

The Infrastructure Destruction Squad’s Focus on Operational Technology (OT) and Smart Manufacturing

Active across both global and regional incidents, the group claimed unauthorised access to industrial control systems at South Korean manufacturer Hybusung Tech and the industrial hub Jeonnam Technopark.

The Migration to Telegram in Financial Fraud

While leaked bank card numbers fell, the method of distribution fundamentally changed. Telegram now accounts for an overwhelming majority of all stolen card distribution, effectively replacing traditional dark web forums as the primary marketplace for financial data. India, Japan and Malaysia saw the highest volumes of leaked financial credentials.

Frequently asked questions

What are the top ransomware threats in APAC for early 2026?


Qilin is currently the most active group. While overall incidents are down, groups like The Gentlemen are increasing their activity, specifically targeting manufacturing in Malaysia.

Which countries in Asia-Pacific are most targeted?


India leads the region in DDoS and compromised account volume. However, Malaysia has seen a sharp spike in ransomware targeting, and Japan remains a top target for financial fraud.

How is the Vidar infostealer affecting the region?


Vidar is the dominant malware family in APAC, responsible for nearly half of all stolen credentials. It primarily targets passwords and session cookies, allowing actors to bypass MFA.

Why is the shift to Telegram significant for financial fraud?


The move to Telegram (71.2% of distribution) allows criminals to automate sales via bots and reach a wider audience with less risk of takedowns compared to traditional web-based forums.

Who Should Read This Report

An essential 15-minute read for APAC Security and Risk Professionals.

This free report is built for:

Chief Information Security Officers (CISOs), Chief Information Officers (CIOs) and Heads of Security.

Fraud, Risk and Compliance Leaders.

Government and Law Enforcement Professionals.

Security Operation Center (SOC), Incident Response (IR) and Threat Intelligence (TI) Teams.

Board Level and Executive Decision Makers.


If you are responsible for protecting digital assets, customers or national infrastructure in APAC, this report is for you.