Kaspersky expert warns that disruptive cyberattacks on governmental and critical systems in India alongside geopolitics will be a key driver shaping the APT threat landscape in the subcontinent next year.
Expert from the global cybersecurity and digital privacy company warns that Advanced Persistent Threats (APTs) in India will be shaped by geopolitical and cross-border tensions as well as the ongoing expansion and digitalization of the country’s India’s operational technology and critical systems.
“Ongoing regional tensions, hybrid warfare, and ideological hacktivism will continue to fuel both state-sponsored APTs and non-state threat actors, amplifying conflicts via digital means. Next year, geopolitics will remain the key driver for APT attacks, more destructive attacks like defacement, data leak, ransomware with politicized messaging, DDoS, and possibly more cyber operations tied to diplomatic incidents,” explains Saurabh Sharma, Lead Security Researcher for GReAT, Kaspersky.
With India’s continued push to go digital, highlighted by developments like DPI (Digital Public Infrastructure), Sharma also highlighted the need to augment legacy security with intelligence-backed cybersecurity defenses to combat damaging threats on national infrastructure and critical systems in the country.
Kaspersky expert explained that critical infrastructure like power, utilities, transport, and smart cities, as well as governmental institutions and services are increasingly becoming connected and digital, but sometimes with weak legacy security. And while India’s digitalization efforts are efficient and needed, it expands the attack surface for threat actors, which will naturally lead to more APT campaigns aiming at disruption, not just espionage or exfiltration.
“In 2026 and beyond, we’re looking at possible interference with electricity and water supplies, transport or geopolitical aftermaths, and even supply chain sabotage. India’s critical infrastructure is the backbone of its economy and public safety. As IT and OT systems converge, the role of advanced threat intelligence and integrated SOCs becomes vital to ensuring operational continuity and safeguarding national interests,” he adds.
To protect organizations and infrastructure against such attacks, Kaspersky experts strongly recommend:
- maintaining a patch management process to apply security fixes (organizations can use solutions like Vulnerability Assessment and Patch Management and Kaspersky Vulnerability Data Feed)
- using a comprehensive security solution that provides incident detection and response, as well as threat hunting. Kaspersky’s product line for businesses helps identify and prevent attacks of any complexity at an early stage.
- as most APT groups rely on spear-phishing emails as the initial attack vector, which highlights the importance of regular employee training and awareness programs for corporate security.
