Group-IB has issued a stark warning about the evolving nature of cyber threats in the Asia-Pacific region, highlighting that supply chain cyber attacks are fundamentally reshaping the threat landscape. In its High-Tech Crime Trends Report 2026, the cybersecurity firm emphasized that a growing number of criminals and state-aligned groups are utilizing trusted vendors, software components, and service providers as gateways to infiltrate broader networks.
The report details a significant shift from single-target intrusions to a more interconnected ecosystem of compromised access, trust relationships, and leaked data. Dmitry Volkov, CEO of Group-IB, noted, “Today’s cyber threats aren’t isolated events. They’re links in a supply chain attack ecosystem, where one compromise can reach thousands of downstream victims.” He explained that phishing, ransomware, data breaches, and insider abuse can occur as part of a single, interconnected campaign that exploits trust and expands the cyber threat footprint.
In 2025, Group-IB reported 263 instances of corporate access from Asia-Pacific being offered for sale on dark web forums and marketplaces. This access is often utilized by intrusion specialists known as initial access brokers, who may later sell the information to other actors for espionage, extortion, fraud, or disruption. The reliance on supply chain attacks reflects the digital interdependence that characterizes modern corporate operations, where organizations frequently connect to suppliers, cloud services, and outsourced IT providers, creating vulnerabilities that can bypass perimeter-focused security measures.
The report identifies data leaks as a significant factor amplifying risk. Exposed credentials, source code, API keys, and internal communications can provide insightful details about business processes and supplier relationships. When this information is combined with brokered access, it facilitates impersonation, targeted intrusions, and fraud that can seamlessly blend with legitimate use. One notable area of concern is open-source software distribution, where widely used libraries can propagate malicious code at scale. Package repositories like npm and PyPI have become targets for credential theft and automated malware campaigns, with attackers compromising maintainer accounts to introduce harmful updates.
The report also highlights a rise in malicious browser extensions, with criminals hijacking developer accounts or manipulating official marketplaces to distribute harmful add-ons that can harvest credentials and capture financial information. Group-IB asserts that phishing tactics are evolving; they are increasingly focused on identity workflows and high-trust integrations rather than merely capturing credentials. The report points to AI-assisted phishing campaigns targeting OAuth flows and other single sign-on mechanisms, which can bypass multi-factor authentication when malicious prompts are approved by users.
During 2025, financial services, government and military organizations, and telecommunications were identified as the most targeted industries for phishing attacks in Asia-Pacific. Ransomware also continues to exhibit supply chain characteristics, with various specialist roles working in sequence. Group-IB describes an “industrialized” ransomware supply chain that involves initial access brokers, data brokers, and ransomware operators, targeting sectors such as manufacturing, financial services, and real estate.
Artificial intelligence is significantly impacting the speed and cost of running these cyber campaigns, making them more efficient and harder to detect. “AI did not create supply chain attacks; it has made them cheaper, faster, and harder to detect,” Volkov remarked. He underscored that unchecked trust in software and services is now a strategic liability for organizations.
The report lists various actors associated with supply chain-focused activity, including Lazarus, Scattered Spider, HAFNIUM, DragonForce, and 888, alongside campaigns linked to Shai-Hulud. This illustrates the convergence of criminal organizations and state-aligned operators targeting similar platforms and integration layers. Group-IB’s analysis is based on extensive monitoring of underground forums, leak sites, and criminal marketplaces, alongside intelligence gathered through its Digital Crime Resistance Centers in 11 countries, headquartered in Singapore.
In 2025, Group-IB also supported 52 local and international law enforcement agencies in six global operations. In Asia-Pacific, the company assisted the Royal Thai Police and the Singapore Police Force in apprehending a cybercriminal linked to data leaks and cyber extortion in sectors such as healthcare, finance, eCommerce, and logistics. The company dismantled a cybercriminal network that compromised more than 216,000 victims and resulted in 32 arrests throughout the region.
The report’s emphasis on upstream compromise aligns with a growing trend in cyber risk management, where organizations are increasingly assessing not only their own vulnerabilities but also the resilience of their vendors and technology supply chains. This shift has heightened focus on software provenance, identity security, third-party access controls, and monitoring risks associated with developer tooling and browser usage.
Group-IB’s High-Tech Crime Trends Report 2026 includes case studies and profiles of various threat actors, providing further insights into the evolution of supply chain methods throughout 2025 and their potential implications for the region’s cyber risk landscape in the coming year.
See also
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
AI Poisoning Attacks Surge 40%: Businesses Face Growing Cybersecurity Risks
