- Cyber threats like phishing and ransomware are now often links in a supply-chain attack ecosystem – a single compromise can reach thousands of downstream victims.
- Group-IB uncovered 263 instances of corporate access in Asia-Pacific being sold on the dark web in 2025.
- Artificial Intelligence (AI) is making supply chain attacks cheaper, faster, and harder to detect.
Group-IB, a leading developer of cybersecurity technologies to investigate, prevent, and fight digital crime, today released its High-Tech Crime Trends Report 2026, warning that supply chain attacks have evolved into unified ecosystems of compromised trust, access, and data.
The report reveals that as organizations become digitally interdependent, attackers are increasingly targeting upstream vendors and service providers to gain scale, speed, and stealth.
Rather than attacking companies directly, adversaries exploit trusted relationships across the digital supply chain, bypassing traditional defenses and gaining access to entire customer networks.
“Today’s cyber threats aren’t isolated events,” said Group-IB CEO Dmitry Volkov. “They’re links in a supply chain attack ecosystem, where one compromise can reach thousands of downstream victims. Phishing, ransomware, data breaches, and insider abuse are all phases of the same campaign, built on exploiting trust and extending the cyber threat footprint.”
In Asia-Pacific, Group-IB uncovered 263 instances of corporate access being sold on the dark web in 2025 to facilitate these attacks.
The cyber risk is amplified by the surge in data leaks, according to the report. Stolen credentials, source code, API keys, and internal communications give attackers insight into business workflows and relationships.
Combined with brokered access, this data enables highly targeted intrusions, impersonation, and fraud campaigns that blend into legitimate activity.
Key findings in the High-Tech Crime Trends Report 2026
- Open-source ecosystems under siege: Package repositories such as npm and PyPI have become prime targets, with attackers using stolen maintainer credentials and automated malware worms to compromise widely used libraries, turning development pipelines into large-scale distribution channels for malicious code.
- The rise of malicious browser extensions: Threat actors increasingly weaponize trusted browser add-ons, hijacking official marketplaces and developer accounts to harvest credentials, hijack sessions, and steal financial data directly from users’ browsers.
- Phishing-driven identity compromise: AI-powered phishing campaigns now target high-trust integrations and OAuth workflows, allowing attackers to bypass MFA and gain persistent, legitimate access to SaaS platforms, CI/CD pipelines, and cloud environments. Financial services, government and military, and telecommunications were the most targeted industries for phishing attacks in the Asia-Pacific region in 2025.
- Data breaches as force multipliers: Rather than pursuing single-victim leaks, attackers are moving upstream—compromising service providers and integration layers to trigger multi-tenant exposure and cascading downstream impact.
- An industrialized ransomware supply chain: Initial Access Brokers, data brokers, and ransomware operators now operate as tightly coordinated ecosystems, focusing on upstream access points to maximize operational and financial damage. In 2025, the industries in Asia-Pacific most targeted by ransomware groups were manufacturing, financial services, and real estate.
In 2025, AI-enabled tooling lowered the barrier to entry for threat actors, allowing faster creation of phishing kits, more convincing impersonation, and scalable exploitation of open-source software, authentication flows, and browser environments.
“AI did not create supply chain attacks, it has made them cheaper, faster, and harder to detect,” Mr Volkov added. “Unchecked trust in software and services is now a strategic liability.”
Through detailed case studies and threat actor profiling, the High-Tech Crime Trends Report 2026 highlights how 2025 marked a pivotal escalation in supply chain threats—from the weaponization of open-source ecosystems and the rise of malicious browser extensions to AI-driven phishing, OAuth abuse, and the emergence of an industrialized ransomware supply chain. The report documents sustained activity by supply-chain-focused actors such as Lazarus, Scattered Spider, HAFNIUM, DragonForce, 888, and campaigns linked to Shai-Hulud, underscoring how both criminal groups and state-aligned operators are exploiting the same trusted platforms and integration layers to achieve asymmetric impact at scale.
The High-Tech Crime Trends Report 2026 is powered by unique intelligence from Group-IB’s Digital Crime Resistance Centers (DCRCs) in 11 countries around the world and adversary-centric telemetry, combined with real-world cybercriminal investigations and round-the-clock global monitoring of underground ecosystems. It provides actionable insight for enterprises, governments, and law enforcement seeking to anticipate emerging risks and disrupt attack chains before damage occurs.
Download Group-IB High-Tech Crime Trends Report 2026 to learn more.
Additional data points
- In 2025, Group-IB supported 52 local and international law enforcement agencies across six law enforcement operations globally.
- In the Asia-Pacific region, for example, Group-IB aided the Royal Thai Police and Singapore Police Force in the arrest of ALTDOS, a Singaporean cybercriminal responsible for data leaks and cyber extortions targeting healthcare, finance, e-commerce and logistics.
- Group-IB also dismantled a cybercriminal network that compromised more than 216,000 victims, leading to 32 arrests in the Asia-Pacific.
About the High-Tech Crime Trends Report 2026
Group-IB’s High-Tech Crime Trends report, which began in 2012, is an annual, intelligence-led assessment of how cybercrime is evolving and where it is heading next. Grounded in the company’s Global Vision, the report fuses deep, on-the-ground regional intelligence with global analytical modeling to move beyond situational awareness toward forward-looking risk insight.
Built on proprietary research, continuous intelligence collection, and real-world investigations, the report draws from Group-IB’s presence in key cybercrime hubs worldwide. Analysts use specialized tooling to monitor dark web forums, dedicated leak sites (DLS), underground marketplaces, and criminal infrastructure, enabling early detection of emerging campaigns and shifts in attacker behavior.
About Group-IB
Established in 2003, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime globally. Headquartered in Singapore, and with Digital Crime Resistance Centers in the Americas, Europe, Middle East and Africa, Central Asia, and the Asia-Pacific, Group-IB analyses and neutralizes regional and country-specific cyber threats via its Unified Risk Platform, offering unparalleled defense through its industry-leading Threat Intelligence, Fraud Protection, Digital Risk Protection, Managed Extended Detection and Response (XDR), Business Email Protection, and External Attack Surface Management solutions, catering to government, retail, healthcare, gaming, financial sectors, and beyond. Group-IB collaborates with international law enforcement agencies like INTERPOL, Europol, and AFRIPOL to fortify cybersecurity worldwide, and has been awarded by advisory agencies including Aite-Novarica, Gartner, Forrester, Frost & Sullivan, and KuppingerCole.
For more information, visit us at www.group-ib.com or connect with us on LinkedIn, X, Facebook, and Instagram.




