EXECUTIVE THREAT LANDSCAPE REPORT MALAYSIA

Published On : 2025-05-29

Why Do Cyber Threat Actors Target Malaysia?

  • Geopolitical Position: Malaysia’s strategic location in Southeast Asia makes it a focal point for regional power dynamics, providing a gateway to monitor and potentially influence political and economic activities in neighboring countries.
  • Economic Significance: Malaysia is a hub for international trade, finance, and manufacturing, particularly in sectors like electronics, automotive, and commodities such as palm oil and petroleum. Gaining access to proprietary business information and trade secrets, or disrupting key industries, can provide economic and competitive advantages to state-sponsored actors.
  • Critical Infrastructure: Malaysia is actively expanding its digital and physical infrastructure as part of its national development plans. This makes its energy, telecommunications, and transportation systems prime targets for cyberattacks that seek to disrupt essential services or gather sensitive operational intelligence.
  • Regional Influence: Through cyber operations, state-sponsored actors can attempt to sway political opinions, manipulate public discourse, or interfere in the democratic processes to shape Malaysia’s domestic and foreign policies in favor of their national interests.
  • Intelligence Gathering: Malaysia’s diverse population and central position in ASEAN make it a valuable source of intelligence on regional security issues, migrant movements, and counterterrorism efforts. Cyber intrusions can facilitate clandestine information gathering that supports broader security and intelligence objectives.

WHY DO CYBER THREAT ACTORS TARGET MALAYSIA?

Geopolitical Risk Factors Driving Cyber Threats in Malaysia

  • Critical Maritime Chokepoint: Malaysia’s proximity to the Strait of Malacca, a crucial maritime passageway connecting the Indian Ocean with the Pacific Ocean, highlights its strategic significance. The strait facilitates a significant volume of global trade, including energy supplies. This places Malaysia at the heart of potential geopolitical tensions, particularly between major powers like the U.S. and China, who are keen on ensuring unimpeded access to this route.
  • Economic Leverage and Dependencies: Malaysia’s growing economic power, especially in sectors like semiconductors, makes it a pivotal player in global supply chains. However, shifts in global manufacturing, driven by geopolitical tensions and strategies like the diversification away from Chinese manufacturing to other Asian countries, can alter regional dynamics and potentially lead to economic and political strain.
  • Complex Diplomatic Balancing Act: Historically, Malaysia has maintained a non-aligned stance, fostering strong ties with both Western powers and China. This delicate balance is increasingly challenged by regional military and economic pressures, particularly with Beijing’s assertive naval activities in the South China Sea.
  • South China Sea Disputes: China’s claim to over 90% of the South China Sea, including areas within Malaysia’s exclusive economic zone, continues to be a major source of tension. These territorial claims, contrary to the United Nations Convention on the Law of the Sea, pose significant threats to regional stability and could precipitate military confrontations.
  • Forming Alliances Against Emerging Threats: The formation of the Indo-Pacific Economic Framework (IPEF) is a strategic response to perceived security threats, such as the China-Solomon Islands security deal. This alliance aims to strengthen economic and security ties among member countries, including Malaysia, to counterbalance China’s influence.
  • Potential Flashpoints and Future Conflicts: The ongoing tensions over Taiwan and the South China Sea are potential flashpoints that could escalate into larger conflicts, affecting Malaysia directly or indirectly. The region’s readiness for cyber conflicts, especially preemptive cyber campaigns, highlights the evolving nature of modern warfare where cyber capabilities play a significant role.

The Asia-Pacific region, with Malaysia as a critical node, is poised to be a central arena for geopolitical competition in the 21st century. Malaysia’s strategic location, economic significance, and diplomatic maneuvers place it at the nexus of these tensions, requiring adept management of both economic policies and security strategies to navigate the complex geopolitical landscape effectively. As the regional dynamics evolve, the interplay of military build-up, economic dependencies, and cyber warfare will shape the geopolitical risks for Malaysia and its neighbors.

Trends From The Dark Web

CYFIRMA observed a surge in cyber campaigns targeting Malaysia in 2021, followed by sustained activity through 2024. This pattern reflects Malaysia’s increasing strategic and economic importance in the region. The consistent targeting signals ongoing interest from both state-sponsored and financially motivated threat actors.

CYFIRMA Observed Campaigns Targeting Malaysia

CYFIRMA’s analysis reveals that over 90% of threat actors targeting Malaysia originate from China and Russia, highlighting the influence of geopolitical drivers behind these cyber campaigns. The dominance of state-linked actors suggests a strong focus on espionage, intellectual property theft, and regional influence.

Threat Actor Origins Targeting Malaysia

CYFIRMA observed a wide spectrum of threat actors targeting Malaysia, led by MISSION2025 and TA505, both known for their strategic precision and resource depth. The presence of state-sponsored groups like Fancy Bear, Leviathan, and Gamaredon shows that Malaysia is no longer flying under the radar; it is on the global cyber threat map. This “mixed bag” of APT groups, from espionage to financially motivated actors, highlights the need for robust, layered defenses.

Suspected Threat Actors Targeting Malaysia

CYFIRMA observed that web applications are the most frequently targeted technology in Malaysia, accounting for the majority of attacks. This highlights a critical risk area as organizations accelerate digital transformation and customer-facing services. Lesser but notable targeting of operating systems and cloud infrastructure suggests expanding attacker interest in backend systems.

Top Attacked Technology

CYFIRMA observed a diverse malware ecosystem targeting Malaysia, ranging from Cobalt Strike and Cl0p Ransomware to stealthy info stealers like AutoIT and the FlawedAmmyy RAT. The presence of both commodity and advanced malware highlights a blended threat landscape where state actors and cybercriminals deploy overlapping tools. Notably, malware linked to espionage, disruption, and financial gain suggests multi-objective campaigns requiring cross-sectoral cyber defense coordination.

Observed Malware

CYFIRMA observed that IT Services, Financial Services, and Industrial Conglomerates are the top targets of cyber threat actors in Malaysia. This trend reflects attackers’ focus on sectors with high digital dependency, sensitive data, and economic influence. The breadth of targeted industries, from government to luxury goods, highlights a broad threat surface across both critical infrastructure and commercial domains. Organizations and executives must prioritize industry-specific threat mitigation strategies aligned with their sector’s risk profile.

Top Targeted Industries in Malaysia

Ransomware

Year-to-Year Elevation: High

In 2023, CYFIRMA recorded 4,723 verified ransomware victims, while in 2024, the number increased to 5,123, representing an 8.5% year-over-year growth across all industries.

Ransomware Groups Targeting Malaysia

CYFIRMA observed that LockBit3 dominates ransomware activity in Malaysia, accounting for 28.57% of incidents, followed by RansomHub at 10.71%. The presence of over 20 distinct ransomware groups highlights a fragmented yet highly active threat ecosystem. This diversity reflects the increasing use of Ransomware-as-a-Service (RaaS) models, making attacks easier to launch and harder to predict. Organizations should view ransomware as a persistent business risk requiring proactive board-level governance and sector-specific threat mitigation.

In early 2023, the takedown of Hive caused a temporary slowdown in ransomware activity. However, this was followed by a surge driven by Cl0p, leveraging the MOVEit vulnerability.

Similarly, the early 2024 slowdown caused by the LockBit3 takedown was short-lived, as affiliates switched to other Ransomware-as-a-Service (RaaS) and RansomHub quickly emerged to fill the void in the RaaS ecosystem.

CYFIRMA observed a dramatic rise in ransomware attacks on Malaysian organizations, from 1 victim in 2022 to 22 in 2023, followed by 18 in 2024. While slightly lower than the 2023 peak, the 2024 figure confirms that ransomware remains a persistent and strategic threat. This trend highlights the urgent need for executive oversight in driving ransomware preparedness, incident response, and recovery capabilities across all critical sectors.

Ransomware Victims in Malaysia

CYFIRMA observed that ransomware actors are heavily targeting Malaysia’s manufacturing sector (14.29%), followed by transportation, agriculture, finance, and IT. The diversity of affected sectors, from critical infrastructure to public services, reflects broad systemic exposure. This highlights the urgent need for sector-specific cyber risk frameworks and executive-driven investment in resilience and response capabilities across the national economy.

Targeted Industries by Ransomware – Malaysia

Darkweb Chatter Trend

Over the past six months, CYFIRMA observed a disproportionate surge in dark web chatter linked to Malaysia’s finance sector, accounting for over 4,300 mentions, a volume more than 15 times higher than any other industry. This trend signals active reconnaissance, targeting, or sale of financial data and access by cybercriminals. The persistent chatter around government, IT, and telecom sectors also reflects increasing threat actor focus on Malaysia’s Critical National Information Infrastructure (CNII).

DARKWEB CHATTER TREND AROUND MALAYSIA – BY INDUSTRY

Over the last six months, 81% of dark web chatter related to Malaysia focused on stolen credit card data, highlighting the country’s exposure to financial fraud and underground monetization. Other prominent themes include ransomware (5.1%), data leaks, and hacktivism, signaling broader risks to data privacy and national reputation. The trend reflects a mature cybercrime ecosystem exploiting Malaysia’s digital growth.

DARKWEB CHATTER TREND MALAYSIA – TOPICS

Emerging Trends in Malaysia Cyber Threat Landscape

Shift Toward Nation-State Targeting
Increased activity from Chinese and Russian-linked APT groups reflects Malaysia’s growing geopolitical and economic significance, especially in semiconductors, energy, and regional diplomacy.

Ransomware Attacks Becoming Industrialized
The rise in ransomware campaigns, led by LockBit3 and RansomHub, shows growing maturity in Ransomware-as-a-Service (RaaS) operations targeting diverse sectors from manufacturing to public administration.

Financial Platforms in the Crosshairs
Threat actors are exploiting Malaysia’s expanding digital finance ecosystem, with large-scale leaks from platforms like i3investor and PitchIn.my highlighting rising data monetization risks.

Critical Infrastructure Under Siege
Telecommunications, transportation, and energy systems are increasingly targeted both for disruption and for intelligence gathering, highlighting vulnerabilities in Malaysia’s Critical National Information Infrastructure (CNII) sectors.

Web Applications & Remote Access Exploitation
Web-facing services remain the top attack vector, driven by misconfigurations, vulnerable APIs, and poor identity/access controls.

Data Brokerage on the Rise
Leaked databases containing sensitive personal and organizational data are increasingly traded on underground forums, enabling follow-on attacks like fraud, phishing, and credential stuffing.

Dark Web Economy Targeting Malaysia
Administrative access to telecom portals and government dashboards is being sold with increasing frequency, signaling a shift toward persistent and monetizable access.