Cyber Threat Intelligence

Asia-Pacific Region — May 8, 2026
Active Threats: 6 · Incidents (7d): 0 · Critical CVEs: 4 · APT Groups: 3
Executive Summary
The Asia-Pacific region has experienced a dynamic cyber threat landscape over the past seven days, marked by significant data breaches, ongoing ransomware campaigns, and sophisticated state-sponsored espionage. Transnational scam networks targeting Southeast Asia have been disrupted, while critical vulnerabilities in widely used software like cPanel, Ivanti EPMM, and Palo Alto Networks PAN-OS are under active exploitation. China-aligned and North Korean APT groups continue their intelligence gathering efforts, focusing on government, defense, and academic sectors across the region.
Sources
70 web sources analyzed
Active Threats (6 campaigns)
Transnational Scam Networks Disruption (HIGH, other)
U.S. authorities disrupted transnational scam networks operating primarily in Myanmar and Cambodia, seizing 503 fake investment websites and restraining over $700 million in cryptocurrency on May 4, 2026.
Targets: Myanmar, Cambodia
Global Data Breach (Canvas Learning Platform) (HIGH, data breach)
The cyber-extortion group ShinyHunters claimed a global data breach affecting thousands of institutions, including several in Singapore, with stolen data seen online on May 8, 2026.
Attribution: ShinyHunters
Targets: Singapore (National University of Singapore, Singapore College of Insurance, Institute of Singapore Chartered Accountants)
BARADAI Ransomware (HIGH, ransomware)
BARADAI ransomware was identified on May 8, 2026, as a file-encrypting malware targeting a wide range of sectors including critical infrastructure, government, and finance across numerous APAC countries.
Targets: Brunei, Cambodia, China, East Timor, Hong Kong, India, Indonesia, Japan, Laos, Malaysia, Myanmar, Philippines, Singapore, Taiwan, Thailand, Vietnam, Russia, South Africa
cPanel Vulnerability Exploitation (CRITICAL, espionage)
A threat actor was observed on May 2, 2026, actively exploiting the critical cPanel vulnerability CVE-2026-41940 to target government and military entities in Southeast Asia.
Targets: Philippines, Laos, Indonesia (government, military, MSPs, hosting providers)
AccountDumpling Phishing Campaign (HIGH, phishing)
A Vietnamese operation, the AccountDumpling campaign, was reported on May 1, 2026, using Google AppSheet for Facebook phishing, targeting approximately 30,000 accounts.
Targets: Vietnam (Facebook business account owners)
Ubuntu/Canonical DDoS Attack (MEDIUM, DDoS)
Hacktivists claimed responsibility for a DDoS attack disrupting Ubuntu and Canonical services on May 1, 2026, reportedly utilizing a DDoS-for-hire service.
Attribution: The Islamic Cyber Resistance in Iraq 313 Team
Targets: Global (Ubuntu and Canonical services)
APT Tracker
SHADOW-EARTH-053 (aliases: CL-STA-0049, Earth Alux, REF7707)
Attribution: China
Recent Activity: Cybersecurity researchers disclosed on May 1, 2026, details of an ongoing espionage campaign targeting government and defense sectors across South, E…
TTPs: Exploitation of N-day vulnerabilities (ProxyLogon chain); deployment of web shells (Godzilla); DLL sideloading of ShadowPad implants.
Kimsuky (aliases: APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail, Velvet Chollima)
Attribution: North Korea
Recent Activity: The group has maintained extensive global reconnaissance operations throughout 2024, with recent reporting on May 3, 2026, highlighting systematic es…
TTPs: Spear-phishing; watering-hole attacks; social engineering; deployment of custom malware (KLogEXE…
OceanLotus (aliases: APT32)
Attribution: Vietnam
Recent Activity: Kaspersky researchers reported on May 6, 2026, their suspicion that OceanLotus is using PyPI to deliver ZiChatBot malware, indicating an expansion of…
TTPs: Supply chain attacks via PyPI (malicious wheel packages); spear-phishing; exploitation of vulnerabilities in locally developed platforms.
Vulnerability Alerts
CVE-2026-6973 (HIGH) · Ivanti Endpoint Manager Mobile (EPMM)
An improper input validation vulnerability allows a remotely authenticated user with administrative access to achieve remote code execution. Ivanti released patches on May 8, 2026.
Exploited in the Wild · Patch: Yes
CVE-2026-41940 (CRITICAL) · cPanel & WHM (versions after 11.40)
An authentication bypass vulnerability in the login flow allows unauthenticated remote attackers to gain unauthorized access to the control panel. Attacks exploiting this flaw were detected on May 2, 2026.
Exploited in the Wild · Patch: Yes
CVE-2026-0300 (CRITICAL) · Palo Alto Networks PAN-OS
An out-of-bounds write vulnerability in the User-ID Authentication Portal can allow an unauthenticated attacker to execute arbitrary code with root privileges. CISA added this to its KEV catalog on May 6, 2026, with patches expected by May 13, 2026.
Exploited in the Wild · Patch: Yes
CVE-2026-41589 (CRITICAL) · Wish SSH server (charm.land/wish/v2, versions 2.0.0 up to but not including 2.0.1)
A path traversal vulnerability in the SCP middleware allows a malicious SCP client to read/write arbitrary files and create directories outside the configured root. This issue was reported on May 7, 2026, and patched in version 2.0.1.
PoC Available · Patch: Yes
CVE-2026-8092 (CRITICAL) · Firefox ESR 115.35.1, Firefox ESR 140.10.1, Firefox 150.0.1
Memory safety bugs in the listed Firefox versions could potentially be exploited for arbitrary code execution. This vulnerability was reported on May 7, 2026, and fixed in Firefox 150.0.2.
None Known · Patch: Yes
Country Cyber Posture
China (CRITICAL): China is a primary source of sophisticated state-sponsored APT activity, conducting widespread cyber espionage and targeting critical infrastructure globally and regionally, often leveraging a "whole-of-nation" approach.
  • UNC3886 breached Singapore's telcos (Feb 2026)
  • Cyber espionage in Southeast Asia, Hong Kong, Taiwan (Feb 2025)
Japan (HIGH): Japan faces a high volume of cyberattacks, particularly ransomware and state-linked APTs from China, Russia, and North Korea, leading to a proactive shift in its cyber defense posture.
  • Average of 1,231 cyberattacks per week in 2025
  • 134 ransomware incidents in 2025
South Korea (HIGH): South Korea experiences a high volume of cyber breaches, with a significant increase in AI-powered attacks, deepfake social engineering, and persistent targeting by North Korean APT groups against government, military, and financial sectors.
  • 2,383 cybersecurity breaches in 2025 (26% increase from 2024)
  • SK Telecom breach compromised 27 million customer accounts
North Korea (CRITICAL): North Korea's state-sponsored APT groups, including Lazarus, ScarCruft, and Kimsuky, are highly active, focusing on sophisticated cyber espionage and large-scale cryptocurrency theft to fund state operations, often leveraging AI and social engineering.
  • ScarCruft's "Artemis" campaign distributing malware via HWP documents (Aug-Nov 2025)
  • Kimsuky group deployed AI-generated deepfake images in military spear-phishing (2025)
Taiwan (CRITICAL): Taiwan faces an exceptionally high volume of daily cyberattacks, primarily from China's "cyber army," targeting critical infrastructure and government in conjunction with political and military actions.
  • 2.63 million daily cyberattacks from China in 2025
  • Energy and hospital sectors saw the most significant surge
Philippines (HIGH): The Philippines faces a high threat level due to rapid digitalization, significant credential compromises, and sustained cyber-espionage, with attacks often linked to geopolitical tensions.
  • Q3 2025 saw compromise of over 52 million user credentials
  • Healthcare sector is the most targeted
Vietnam (HIGH): Vietnam experiences a high threat level with sophisticated, multi-layered cyberattacks increasingly focused on data theft and ransomware, despite a decrease in the total number of incidents, and is strengthening its cyber governance.
  • Thousands of cyberattacks targeted government, organizations, and businesses in 2025
  • Ransomware incidents surged, affecting over 3,000 enterprises in 2025
Indonesia (HIGH): Indonesia faces a high and evolving cyber threat landscape characterized by a massive volume of attacks, sophisticated ransomware, and persistent phishing, with critical infrastructure and financial sectors being prime targets.
  • 3.64 billion cyberattacks/traffic anomalies from Jan-July 2025 (83.68% malware-based)
  • Ransomware attack on Temporary National Data Center (PDNS) in Surabaya (June 2024), disrupting 200+ government agencies
Singapore (HIGH): Singapore faces a high threat level from sophisticated state-sponsored APTs, a high volume of DDoS attacks, and persistent supply chain vulnerabilities, despite strong counter-operations.
  • China-linked group UNC3886 breached all four major telecommunications providers (Feb 2026)
  • Ongoing cyberattacks on critical infrastructure by a China-linked espionage group (July 2025)
Thailand (HIGH): Thailand faces a high and escalating cyber threat, with a significant increase in ransomware, data breaches, and phishing attacks targeting government agencies and critical infrastructure, exacerbated by AI-driven threats.
  • 3,201 cyberattacks per week in H1 2025 (164% higher than global average)
  • Over 109,000 ransomware incidents (highest in Southeast Asia)
Malaysia (MEDIUM): Malaysia experiences a medium but evolving cyber threat landscape, with fraud, data breaches, and intrusions remaining significant concerns, driven by social engineering and credential compromise.
  • 1,881 cyber incidents in Q4 2025 (fraud, data breach, and intrusion were most frequent)
  • 171 data breach incidents in Q4 2025
Myanmar (HIGH): Myanmar faces a high threat level characterized by widespread internet shutdowns, online information manipulation by the military junta, and flourishing cybercrime operations often linked to human trafficking.
  • 105 instances of internet shutdown across 73 townships in 2025
  • Rise of cybercrime and subsequent block of Starlink connectivity
Cambodia (HIGH): Cambodia is a hub for large-scale online scam networks and cyber fraud, leading to significant international pressure and government crackdowns, alongside hacktivist activity.
  • Crackdown on online scam operations: 118 locations, 4,983 suspects arrested in H2 2025
  • 190 locations raided, 2,500+ suspects arrested in Jan 2026
Mongolia (MEDIUM): Mongolia faces medium cybersecurity challenges, including a significant number of cyberattacks and cybercrimes, a lack of sovereign digital infrastructure, and low cybersecurity literacy, with government entities targeted by state-aligned APTs.
  • 1.6 million cyberattacks and incidents, 13,061 cybercrimes, and $25.4 million in costs in 2024
  • China-aligned GopherWhisper targeted a Mongolian government entity using Slack, Discord, and Microsoft 365 Outlook for C2 and data theft (discovered Jan 2025)
Brunei (MEDIUM): Brunei's cybersecurity posture is likely influenced by regional threats, though specific recent incidents are not publicly detailed, suggesting a developing but potentially vulnerable landscape.
  • None specifically identified for 2025-2026.
Sector Threat Matrix
Government (CRITICAL)
Government entities across the Asia-Pacific are under relentless assault from nation-state APTs and hacktivists, aiming for espionage, data theft, and disruption of critical services, often correlated with geopolitical events.
  • Nation-state APTs (espionage, data exfiltration, sabotage)
  • Deepfake social engineering
  • Ransomware
Finance & Banking (HIGH)
The financial sector faces persistent threats from ransomware, sophisticated phishing, deepfake fraud, and DDoS attacks, with significant financial losses and data breaches reported across the region.
  • Ransomware (double extortion)
  • Deepfake corporate fraud
  • Cryptocurrency theft (nation-state actors)
Energy & Utilities (CRITICAL)
The energy and utilities sector is a critical target for nation-state actors and hacktivists seeking to disrupt operations and conduct espionage, with attacks often increasing during periods of geopolitical tension.
  • Nation-state APTs (espionage, sabotage)
  • Ransomware
  • DDoS attacks
Telecommunications (CRITICAL)
Telecommunications providers are consistently targeted by state-sponsored APTs for espionage, persistent access, and monitoring of communications, as well as by cybercriminals for data breaches and service disruption.
  • Nation-state APTs (espionage, persistent access, zero-day exploits)
  • Data breaches
  • DDoS attacks
Defense & Military (CRITICAL)
The defense and military sector is a prime target for nation-state APTs seeking intelligence, advanced technology, and strategic information, often through sophisticated cyber espionage campaigns.
  • Nation-state APTs (espionage, intelligence gathering)
  • Spear-phishing (deepfake-enabled)
  • Supply chain attacks (semiconductor/defense suppliers)
Healthcare (HIGH)
The healthcare sector is highly vulnerable to ransomware and data theft, with incidents causing operational disruptions and exposing sensitive patient information, often targeted by both cybercriminals and state-linked actors.
  • Ransomware (encrypting data, double extortion)
  • Data theft (patient records)
  • Phishing
Technology (HIGH)
The technology sector, including semiconductor and e-commerce, faces significant threats from intellectual property theft, supply chain attacks, and exploitation of vulnerabilities, often by state-sponsored actors.
  • Intellectual property theft
  • Supply chain attacks
  • Exploitation of hardware/software vulnerabilities