India's cybersecurity firewall most breached by hacktivists, shows data

India has emerged as the primary target for “hacktivist” attacks in 2024, accounting for nearly 13 per cent of global incidents, according to the latest High Tech Crime Trends Report – 2025 by Group-IB.

 

The country, closely followed by Israel at 7 per cent, is now at the forefront of growing cybersecurity threats, raising concerns over the increasing frequency and severity of cybercrime in the region, the report said.

 

In the Asia-Pacific region, India accounted for 49.3 per cent of the "hacktivist" attacks. Indonesia came a distant second at 14 per cent. Education institutions were the hardest hit in this region, followed by government, military, and financial services, among others.

 

India has also emerged as the third-largest country for reported data leaks in the public domain globally, behind the United States (US) and Russia.

 

Group-IB’s report uses a combination of deep global intelligence and a global analytical perspective, which includes proprietary research, intelligence gathering, cybercrime investigations, and experts stationed across cybercrime hotspots.    

 

Hacktivism refers to a social or political activist act that is performed by people known as “hacktivists.” 

 

Hacktivist attack refers to using a variety of hacking methods that allow them access to personal computers, where they can take control and gain private information.

 

The surge in such attacks against India is attributed to regional tensions, particularly with neighbouring countries, and its diplomatic stance on Palestine and Israel, the report averred.

 

Indian hacktivist groups further add fuel to the situation, triggering retaliatory cyberattacks, it said.

 

These attacks, increasingly coordinated and politically motivated, undermine the trust in India's digital infrastructure.

 

Last year, India witnessed 60 data leaks in the public domain, contributing to the overall 1,107 instances of data exposed to the public worldwide, the report said.

 

India stood third in the pecking order, behind the US (214 attacks), followed by Russia (with 195 attacks).

 

Email addresses, phone numbers, and passwords remain the most exploited types of sensitive data by cybercriminals, it said.

 

For instance, the leak of unique email data sold on the Dark Web in 2024 stood at a staggering 248.9 crore, it noted.

 

India is also the top target for advanced persistent threats (APTs) in the Asia Pacific with a 10.3 per cent share of these attacks, though at the global level, their share stands at 2 per cent, which is lower than the US, Israel, Eqypt, and the Gulf Cooperation Council countries, which range from 3 to 6 per cent.

 

APTs are sophisticated, covert cyberattacks where attackers gain and maintain unauthorised access to a network for an extended period to steal sensitive data, often targeting large enterprises or governments.

 

Additionally, India ranks first in the region for attacks by Initial Access Brokers (IABs) — threat actors who gain access to corporate computer systems and then sell the access on the Dark Web – accounting for a fifth of all such attacks in the Asia-Pacific region.

 

The US, however, dominates globally with a 35.5 per cent share, followed by Brazil (6.3 per cent), the UK, Canada, France, Spain, and Australia, with India at 2.3 per cent, the report elaborated.

 

Lastly, India ranked second globally, based on the number of compromised hosts identified (106,312) behind only Pakistan (108,674) in 2024, it added.