Ensign InfoSecurity Uncovers Rise in State-Sponsored Cyberattacks Across APAC 

The underground cybercrime ecosystem is thriving, with ransomware gangs, Initial Access Brokers, and hacktivists collaborating to scale their attacks. 

Ensign InfoSecurity, Asia’s largest pure-play cybersecurity services provider, has released its sixth Cyber Threat Landscape Report (CTLR) 2025, revealing a significant rise in state-sponsored cyberattacks across Asia-Pacific (APAC) in 2024. Meanwhile, an increasingly sophisticated underground economy and growing supply chain vulnerabilities are driving the scale and success of attacks across the region. 

This report is based on insights drawn from Ensign’s proprietary telemetry and intelligence gathered across the APAC region in 2024. It provides a comprehensive view of the evolving threat landscape, and below are the key findings: 

Rising State-Sponsored Attacks Across APAC 

State-sponsored threat groups across APAC are on the rise, accounting for a notable number of cyberattacks in 2024. These groups are usually well-resourced and have high-level capabilities. Their modus operandi is characterised by stealth, persistence, and strategic patience, positioning themselves for future operations. 

Thriving Underground Economy Powers Persistent Threats 

The cyber underground has evolved into a mature and highly collaborative economy. Threat actors, including ransomware groups, Initial Access Brokers (IABs), and hacktivists, work in tandem; each specialises in a piece of an attack while pursuing multiple income streams. IABs, for instance, have adopted a “breach once, sell to many” model, monetising initial access by selling it to multiple parties. Meanwhile, state-sponsored groups were observed sub-contracting attack tasks to other threat actors, adding layers of complexity to cyber campaigns. Such multi-stakeholder participation in cyberattack campaigns makes it increasingly difficult to attribute attacks to the original masterminds.

“Threat actors are no longer operating in silos. The cyber underground today functions as an illicit, dynamic, and highly collaborative marketplace,” said Xiang Zheng Teo, Vice President of Advisory at Ensign InfoSecurity. “These alliances, combined with widening supply chain vulnerabilities, have made threat groups more capable, persistent, and difficult to dislodge.” 

Cyber Supply Chain Under Sustained Attack 

The Ensign InfoSecurity report reveals increasing sophistication in supply chain compromises, where hardware, software, and service providers are targeted for stealthy access into organisations. Business and Professional Services (BPS) firms, such as legal, accounting, and consulting firms, have become prime targets. Because of the trusted relationships these firms maintain with their clients, they often possess large amounts of sensitive client data. Yet they typically lack deep defensive capabilities, making them attractive pathways for attackers seeking broader network penetration.

Dwell Time Quadrupled, Indicating Growing Detection Gaps 

Notably, compared to 2023, incident-response dwell time (the duration attackers remain undetected within networks) has risen significantly across industries. Across APAC, the maximum dwell quadrupled from 49 to 201 days, while the minimum dwell more than doubled to 7 days. This signals that cyber criminals had a much wider window to steal data, move across networks, and cause damage. 

Ensign InfoSecurity Provides Singapore Insights 

In Singapore, the Technology, Media and Telecommunications (TMT) sector experienced increased targeting by cyber threat actors in 2024, overtaking Manufacturing in 2023. Data breaches remained the most common attack outcome, accounting for 36% of observed incidents, followed by ransomware at 21%. 

Singapore also recorded the highest number of ransomware variants in 2024, suggesting that threat actors are actively exploiting its position as a financial and digital hub. These groups may be using Singapore as a testbed for more complex attacks targeting other digitally advanced territories, or as a trusted supply chain pathway to gain access to regional or global targets.

“We are increasingly seeing many organisations being compromised without them even realising it. As digitisation deepens, AI technologies become more pervasive and threat actors grow increasingly sophisticated, organisations must move beyond assumptions of safety,” Teo added. “It is clear that the cyber space is not benign. Organisations must continue to validate their defences, fix the weak links, and ensure that their cyber posture is operating at a level of readiness that meets today’s threat landscape. At Ensign, we remain committed to defending and protecting our customers in this dynamic environment.” 

 

Martin Dale Bolima

Martin has been a Technology Journalist at Asia Online Publishing Group (AOPG) since July 2021, tasked primarily to handle the company’s Disruptive Tech Asia and Disruptive Tech News online portals. He also contributes to Cybersecurity ASEAN and Data&Storage ASEAN, with his main areas of interest being artificial intelligence and machine learning, cloud computing and cybersecurity. A seasoned writer and editor, Martin holds a degree in Journalism from the University of Santo Tomas in the Philippines. He began his professional career back in 2006 as a writer-editor for the University Press of First Asia, one of the premier academic publishers in the Philippines. He next dabbled in digital marketing as an SEO writer while also freelancing as a sports and features writer.
