New Cyble Report Finds Asia Accounts for the Highest Share of Energy & Utilities Breaches and Underground Access Sales as Ransomware and Hacktivist Activity Escalate Cyble today released its Energy & Utilities Threat Landscape Report 2025, revealing that Asia has emerged as the most targeted region for cyber threats against the energy sector, highlighting growing risks to critical infrastructure across India and the broader Asia-Pacific region.
According to Cyble Research and Intelligence Labs (CRIL), Asia accounted for the largest share of both compromised network access listings and data breaches affecting energy and utilities organizations, reflecting the region’s expanding digital energy infrastructure and increasingly complex supply chains.
“Asia’s rapidly modernizing energy infrastructure and interconnected supply chains have created an expanded attack surface for cybercriminals and nation-state actors,” said Daksh Nakra, Senior Manager of Research and Intelligence at Cyble. “For countries like India, where energy security and digital transformation are accelerating simultaneously, protecting operational technology environments is becoming a national priority.”
India and Asia in the Crosshairs
Cyble’s research highlights that Asia recorded the highest concentration of underground marketplace listings offering unauthorized access to energy and utility organizations, accounting for 10 of the 37 observed access-sale incidents globally (approximately 27%).
Such access listings typically provide attackers with footholds inside corporate networks, often enabling follow-on ransomware attacks, industrial espionage, or disruption of operational systems.
The report also identified 57 data breach and leak incidents targeting the sector, with Asia accounting for the largest share—18 cases (approximately 32%).
Researchers attribute this trend to several regional factors:
● Rapid digitization of energy infrastructure
● Growing deployment of connected industrial systems and IoT devices
● Complex supplier ecosystems across regional energy grids
These conditions significantly expand the potential attack surface, increasing the likelihood of credential theft, supply-chain compromise, and operational technology intrusions affecting utilities, power grids, and energy providers.
For India specifically, the findings highlight increasing exposure as the country continues to modernize power infrastructure, expand renewable energy deployments, and integrate digital control systems across utilities.
Global Threat Landscape: Key Findings
Beyond Asia, the report identifies a surge in coordinated cyber activity targeting energy infrastructure worldwide.
Ransomware Remains the Dominant Threat
Cyble recorded 187 confirmed ransomware incidents targeting the global Energy & Utilities sector in 2025, making ransomware the most significant cyber risk for critical infrastructure operators.
Five major ransomware groups drove nearly half of all observed attacks, including:
● RansomHub
● Akira
● Play
● Qilin
● Hunters / Lynx
These groups accounted for approximately 48.7% of all ransomware incidents, demonstrating increasing consolidation among ransomware operators targeting high-value sectors such as energy and utilities.
Critical Infrastructure Under Increasing Pressure
The report also documents a surge in hacktivist activity targeting energy systems, with more than 39,000 public leak or defacement posts linked to energy-related campaigns globally.
Several incidents illustrate the growing operational risk:
● Pro-Russian hacktivists claiming unauthorized access to U.S. oil and gas control systems
● ICS malware attacks disrupting heating systems in Ukraine
● Nation-state activity including China-linked Volt Typhoon maintaining access to U.S. energy networks for over 300 days
At the same time, researchers identified critical vulnerabilities affecting industrial control systems and energy devices, including flaws in ABB, Siemens, and widely deployed solar inverter platforms that could enable attackers to disrupt grid operations.
The full Energy & Utilities Threat Landscape Report 2025, including detailed threat actor analysis, regional insights, and incident case studies, is available for download here: https://cyble.com/resources/research-reports/energy-utilities-threat-landscape-report-2025/.
