Blog | ThreatBook

Singapore's Cyber Threat Landscape: Inside the 2025 Data

Written by ThreatBook Research Team | 15 March 2026, 04:03 PM

 

The Threat Landscape

An Open Economy, an Outsized Target

Singapore's unique geographic position and economic standing have made it a frontline battleground for both regional cybercrime networks and state-sponsored cyber forces. Its advanced manufacturing sector, globally connected financial services, and role as a hub for international conferences combine to make it one of the most attractive — and most attacked — nations in the Asia-Pacific.

In 2025, attack patterns followed a distinct arc: low activity in January and February, then a concentrated surge through July that hit an annual peak. Three forces drove this: the restructuring of the global ransomware ecosystem following law enforcement takedowns of LockBit and ALPHV, rapid exploitation of newly disclosed vulnerabilities, and Singapore's hosting of major regional conferences that drew APT attention to government and critical infrastructure.

"Singapore's ransomware landscape shifted from sporadic incidents to high-frequency, normalized attacks — progressively targeting the core infrastructure of national operations."

 

 

Why Singapore Tops the Global Ransomware Risk Index

Singapore's risk is structural. Manufacturing, technology, and financial services — the pillars of its economy — are exactly the sectors ransomware groups prize most. Attackers exploit Singapore's regulatory environment with particular ruthlessness: 66% of respondents report being threatened with regulatory reporting if they refuse to pay, turning compliance obligations into extortion leverage.

The result is a vicious cycle. With 50% of organizations having paid ransoms multiple times, attackers have learned that Singapore targets reliably yield returns — reinforcing the city-state's position at the top of every criminal group's target list.

 

APT Groups

The Primary Threat Sources

APT attacks targeting Singapore focus on government networks, critical infrastructure, and research institutions — seeking intelligence with long-term strategic value rather than short-term financial gain.

Lazarus

The most financially destructive APT group active in Singapore. Stole $1.5B in a single supply chain operation — the largest cryptocurrency theft in history. Also linked to the ~$70M breach of a Singapore-based crypto exchange in January 2025.

Finance · Crypto

Mabna Institute

Focused on academic espionage — credential stuffing and phishing against universities and research institutions. Singapore academic accounts appeared for sale on the dark web in early 2025, indicating active collection operations.

Academia · Research

 

Ransomware Groups

Most Influential Groups Targeting Singapore

Five ransomware groups drove Singapore's threat landscape in 2025, each exploiting the double extortion model — encrypting systems while simultaneously threatening to leak stolen data to amplify pressure on victims.