FIN7 and Cyfirma: Malaysia’s digital growth and geopolitics widen cyber attack surface, raising critical infrastructure risks

Malaysia’s Cyber Threat Landscape Shifts as Digital Expansion Attracts Espionage and Ransomware Surge

Malaysia’s rapid digital growth, particularly in energy, telecommunications, and transport, has expanded its attack surface, making it a prime target for cyber threats driven by geopolitical and financial motives. A recent Cyfirma Threat Landscape Report highlights a structural shift in the country’s cyber risk profile, fueled by its strategic economic sectors and its proximity to critical global trade routes such as the Strait of Malacca.

Espionage and Financial Motives Drive Targeting

China-linked threat groups, including APT41 and Mustang Panda, dominate Malaysia’s espionage landscape, focusing on political intelligence, supply-chain surveillance, and technology acquisition, especially in semiconductors and electronics. Their operations, which often rely on DLL sideloading and COOLCLIENT backdoor variants, target government, telecommunications, and advanced manufacturing organizations for long-term intelligence gathering.
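DLL sideloading, named above as a recurring technique of the China-linked groups, is an abuse of the Windows DLL search order: a legitimately signed executable is dropped next to a malicious DLL that carries the name of a system library the executable imports, and the copy beside the executable wins. The following Python snippet is an added detection example, not code from the Cyfirma report or from this article; it assumes a simplified image-load record modelled on Sysmon Event ID 7 (process path, DLL path, Authenticode status of each) and an illustrative, non-exhaustive list of commonly shadowed DLL names. The sample events are constructed for the example.

```python
"""Flag candidate DLL sideloading from image-load telemetry.

Heuristic (an assumption for this example, not from the Cyfirma report):
a DLL whose file name matches a well-known Windows system DLL, loaded from
outside the Windows system directories, unsigned, and sitting in the same
directory as a *signed* host executable, is a strong sideloading candidate.
"""
import ntpath  # Windows path semantics, works on any host OS
from dataclasses import dataclass
from typing import Iterable, List

# Names attackers commonly shadow because signed host EXEs import them.
# Illustrative only; tune against your own telemetry.
SYSTEM_DLL_NAMES = {
    "version.dll", "dbghelp.dll", "wininet.dll", "userenv.dll",
    "cryptsp.dll", "profapi.dll", "propsys.dll", "msvcr100.dll",
}

# Where the genuine copies of those DLLs live.
SYSTEM_DIRS = (
    r"C:\Windows\System32",
    r"C:\Windows\SysWOW64",
    r"C:\Windows\WinSxS",
)


@dataclass(frozen=True)
class ImageLoad:
    """One image-load record (schema simplified from Sysmon Event ID 7)."""
    process_image: str    # path of the EXE that performed the load
    process_signed: bool  # Authenticode status of that EXE
    dll_image: str        # path of the DLL that was mapped
    dll_signed: bool      # Authenticode status of the DLL


def _under(path: str, root: str) -> bool:
    """Case-insensitive check that `path` sits beneath directory `root`."""
    p = ntpath.normcase(path)
    r = ntpath.normcase(root).rstrip("\\") + "\\"
    return p.startswith(r)


def is_sideload_candidate(ev: ImageLoad) -> bool:
    """Apply the heuristic described in the module docstring to one event."""
    dll_name = ntpath.normcase(ntpath.basename(ev.dll_image))
    if dll_name not in SYSTEM_DLL_NAMES:
        return False
    if any(_under(ev.dll_image, d) for d in SYSTEM_DIRS):
        return False  # loaded from where the real library lives
    same_dir = (ntpath.normcase(ntpath.dirname(ev.dll_image))
                == ntpath.normcase(ntpath.dirname(ev.process_image)))
    # Classic pattern: trusted host binary, untrusted look-alike DLL beside it.
    return ev.process_signed and not ev.dll_signed and same_dir


def find_sideload_candidates(events: Iterable[ImageLoad]) -> List[ImageLoad]:
    """Return every event that matches the sideloading heuristic."""
    return [ev for ev in events if is_sideload_candidate(ev)]


# Constructed sample telemetry for the example (not real events).
SAMPLE_EVENTS = [
    # Benign: signed vendor tool loads the genuine version.dll from System32.
    ImageLoad(r"C:\Program Files\Vendor\tool.exe", True,
              r"C:\Windows\System32\version.dll", True),
    # Suspicious: signed EXE staged in a user-writable directory loads an
    # unsigned version.dll placed beside it.
    ImageLoad(r"C:\Users\Public\update\legit.exe", True,
              r"C:\Users\Public\update\version.dll", False),
    # Benign: unsigned dev build loading its own helper with a non-system name.
    ImageLoad(r"C:\dev\app\app.exe", False,
              r"C:\dev\app\helper.dll", False),
    # Suspicious: signed installer in %TEMP% loads an unsigned dbghelp.dll.
    ImageLoad(r"C:\Users\bob\AppData\Local\Temp\x\installer.exe", True,
              r"C:\Users\bob\AppData\Local\Temp\x\dbghelp.dll", False),
]


if __name__ == "__main__":
    for ev in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"[sideload?] {ev.process_image} -> {ev.dll_image}")
```

Run stand-alone, the script prints the two staged loads and stays silent on the benign ones. Two caveats a practitioner would want: legitimate applications frequently ship their own copies of runtime DLLs such as msvcr100.dll, so the signature check (and, in production, an allowlist of known application directories) is what keeps the false-positive rate tolerable; and the heuristic deliberately ignores sideloads where the attacker abuses a signed but vulnerable DLL, which needs a separate hash- or version-based check.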

Meanwhile, Russian-aligned actors adopt opportunistic tactics, exploiting widely known vulnerabilities and relying on credential-based intrusions rather than running Malaysia-specific campaigns. North Korea’s Lazarus Group and financially motivated collectives such as FIN7 add further pressure, combining credential theft, ransomware, and financial targeting, particularly against banks, cryptocurrency platforms, and defense-related entities.

Ransomware Activity Peaks, Broadens Across Sectors

Ransomware remains a persistent threat: January 2026 recorded the highest number of victim listings in the three-month monitoring period, following moderate activity in December 2025, with a slight decline in February 2026. The most affected industries include:

  • Professional services
  • Materials
  • Transportation & logistics
  • Finance

The attacks reflect opportunistic, financially driven patterns, with no single group dominating. Instead, ransomware operators leverage access brokers and broad exploitation techniques, mirroring regional trends.

Web Apps and Social Engineering Top Attack Vectors

Malaysia’s push toward digital services has made web applications the most targeted attack surface, accounting for a significant share of incidents. However, threat actors are also probing operating systems and cloud infrastructure, signaling a shift toward deeper exploitation.

Phishing dominates fraud cases, comprising 66% of reported incidents as of July 2025 (rising to 75% in Q3) and contributing to RM1.58 billion in online scam losses in 2024. Social engineering, responsible for 70–77% of fraud, is evolving with AI-driven deception, including deepfake scams, QR code phishing, and localized "Manglish" messages that make lures more credible.

DDoS and Hacktivism Escalate

Malaysia faces a high-frequency DDoS threat environment, with more than 120,000 attacks recorded in a single reporting period. Techniques are growing in sophistication, including multi-vector assaults exceeding 350 Gbps, some tied to ransom demands (e.g., disruptions to airport systems).

Hacktivism is also becoming more structured and politically driven, shifting from basic defacements to coordinated data leaks and ransomware-style extortion. The R00tK1T ISC campaign in early 2024 exemplified this trend, breaching government systems and national databases.

Critical Infrastructure and Supply Chains Under Pressure

Malaysia’s expanding role in semiconductor manufacturing and global supply chains has heightened its appeal for cyber espionage, particularly espionage aimed at intellectual property. Key sectors, including IT services, finance, and industrial conglomerates, face sustained risks from both state-backed actors and financially motivated groups.

The report underscores Malaysia’s dual-threat environment, in which espionage campaigns (e.g., Fancy Bear, Leviathan, Gamaredon) coexist with ransomware operations (e.g., TA505, MISSION2025), complicating defense strategies. As cyber operations increasingly align with geopolitical tensions, the country’s maritime, government, and financial sectors remain high-priority targets.

With 19.62 million web-based attacks recorded in H1 2024, the highest figure in Southeast Asia, Malaysia’s cybersecurity posture must adapt to a landscape in which digital interference, supply-chain risks, and AI-driven deception are becoming the new norm.

Source: https://industrialcyber.co/reports/malaysias-digital-growth-and-geopolitics-widen-cyber-attack-surface-raising-critical-infrastructure-risks/

FIN7 TPRM report: https://www.rankiteo.com/company/prodaft

Cyfirma TPRM report: https://www.rankiteo.com/company/cyfirma

"id": "cyfpro1775586493",
"linkid": "cyfirma, prodaft",
"type": "Cyber Attack",
"date": "1/2026",
"severity": "",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': ['Energy',
                                     'Telecommunications',
                                     'Transport',
                                     'Finance',
                                     'Professional services',
                                     'Materials',
                                     'Semiconductors',
                                     'IT services',
                                     'Defense'],
                        'location': 'Malaysia',
                        'type': ['Government',
                                 'Telecommunications',
                                 'Finance',
                                 'Transportation & logistics',
                                 'Professional services',
                                 'Materials',
                                 'Semiconductor manufacturing',
                                 'IT services',
                                 'Industrial conglomerates']}],
 'attack_vector': ['Web applications',
                   'Social engineering',
                   'Phishing',
                   'DLL sideloading',
                   'Credential-based intrusions',
                   'Multi-vector DDoS'],
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': ['High (government, defense, '
                                         'financial)'],
                 'type_of_data_compromised': ['Political intelligence',
                                              'Supply-chain data',
                                              'Intellectual property',
                                              'Personally identifiable '
                                              'information',
                                              'Financial data']},
 'description': 'Malaysia’s rapid digital growth in energy, '
                'telecommunications, and transport has expanded its attack '
                'surface, making it a prime target for cyber threats driven by '
                'geopolitical and financial motives. The Cyfirma Threat '
                'Landscape Report highlights a structural shift in the '
                'country’s cyber risk profile, fueled by its strategic '
                'economic sectors and proximity to critical global trade '
                'routes like the Strait of Malacca.',
 'impact': {'financial_loss': 'RM1.58 billion in online scam losses in 2024',
            'operational_impact': 'Disruptions to critical infrastructure '
                                  '(e.g., airport systems)',
            'systems_affected': ['Government systems',
                                 'National databases',
                                 'Airport systems',
                                 'Semiconductor manufacturing',
                                 'Telecommunications',
                                 'Finance',
                                 'Cloud infrastructure']},
 'initial_access_broker': {'backdoors_established': ['COOLCLIENT backdoor '
                                                     'variants'],
                           'entry_point': ['Phishing',
                                           'Credential theft',
                                           'Web applications'],
                           'high_value_targets': ['Government',
                                                  'Telecommunications',
                                                  'Semiconductor manufacturing',
                                                  'Finance']},
 'lessons_learned': 'Malaysia’s cybersecurity posture must adapt to a '
                    'landscape where digital interference, supply-chain risks, '
                    'and AI-driven deception are becoming the new norm. The '
                    'dual-threat environment of espionage and ransomware '
                    'complicates defense strategies.',
 'motivation': ['Geopolitical espionage',
                'Financial gain',
                'Intellectual property theft',
                'Political disruption',
                'Supply-chain surveillance'],
 'post_incident_analysis': {'root_causes': ['Rapid digital expansion',
                                            'Geopolitical tensions',
                                            'Supply-chain vulnerabilities',
                                            'AI-driven social engineering']},
 'ransomware': {'data_encryption': True, 'data_exfiltration': True},
 'references': [{'source': 'Cyfirma Threat Landscape Report'}],
 'threat_actor': ['APT41',
                  'Mustang Panda',
                  'Lazarus Group',
                  'FIN7',
                  'Fancy Bear',
                  'Leviathan',
                  'Gamaredon',
                  'TA505',
                  'MISSION2025',
                  'R00tK1T ISC'],
 'title': 'Malaysia’s Cyber Threat Landscape Shifts as Digital Expansion '
          'Attracts Espionage and Ransomware Surge',
 'type': ['Espionage', 'Ransomware', 'Phishing', 'DDoS', 'Hacktivism'],
 'vulnerability_exploited': ['DLL sideloading',
                             'COOLCLIENT backdoor variants',
                             'Credential theft',
                             'AI-driven deception (deepfake scams, QR code '
                             'phishing)']}