Press ReleaseCyber Crime & Forensic

Group-IB Report: Networked Supply Chain Cyberattacks to Significantly Transform APAC Cyber Risk Landscape in 2026 

Uncovered 263 Instances of Corporate Access in Asia-Pacific Being Sold on the Dark Web in 2025

Group-IB, a leading developer of cybersecurity technologies to investigate, prevent, and fight digital crime, recently released its High-Tech Crime Trends Report 2026, warning that supply chain attacks have evolved into unified ecosystems of compromised trust, access, and data.

The report reveals that as organisations become digitally interdependent, attackers are increasingly targeting upstream vendors and service providers to gain scale, speed, and stealth.

Rather than attacking companies directly, adversaries exploit trusted relationships across the digital supply chain, bypassing traditional defences and gaining access to entire customer networks.

“Today’s cyber threats aren’t isolated events,” said Group-IB CEO Dmitry Volkov. “They’re links in a supply chain attack ecosystem, where one compromise can reach thousands of downstream victims. Phishing, ransomware, data breaches, and insider abuse are all phases of the same campaign, built on exploiting trust and extending the cyber threat footprint.”

In Asia-Pacific, Group-IB uncovered 263 instances of corporate access being sold on the dark web in 2025 to facilitate these attacks.

The cyber risk is amplified by the surge in data leaks, according to the report. Stolen credentials, source code, API keys, and internal communications give attackers insight into business workflows and relationships.

Combined with brokered access, this data enables highly targeted intrusions, impersonation, and fraud campaigns that blend into legitimate activity.

Key Findings in the Group-IB ‘High-Tech Crime Trends Report 2026’

  • Open-source ecosystems under siege: Package repositories such as npm and PyPI have become prime targets, stolen maintainer credentials, and automated malware worms to compromise widely used libraries—turning development pipelines into large-scale distribution channels for malicious code.

  • The rise of malicious browser extensions: Threat actors increasingly weaponise trusted browser add-ons, hijacking official marketplaces and developer accounts to harvest credentials, hijack sessions, and steal financial data directly from users’ browsers.

  • Phishing-driven identity compromise: AI-powered phishing campaigns now target high-trust integrations and OAuth workflows, allowing attackers to bypass MFA and gain persistent, legitimate access to SaaS platforms, CI/CD pipelines, and cloud environments. Financial services, government and military, and telecommunications were the most targeted industries for phishing attacks in the Asia-Pacific region in 2025.

  • Data breaches as force multipliers: Rather than pursuing single-victim leaks, attackers are moving upstream—compromising service providers and integration layers to trigger multi-tenant exposure and cascading downstream impact.

  • An industrialised ransomware supply chain: Initial Access Brokers, data brokers, and ransomware operators now operate as tightly coordinated ecosystems, focusing on upstream access points to maximise operational and financial damage. In 2025, the industries in Asia-Pacific most targeted by ransomware groups were manufacturing, financial services, and real estate.

In 2025, AI-enabled tooling lowered the barrier to entry for threat actors, allowing faster creation of phishing kits, more convincing impersonation, and scalable exploitation of open-source software, authentication flows, and browser environments.

“AI did not create supply chain attacks, it has made them cheaper, faster, and harder to detect,” Volkov added. “Unchecked trust in software and services is now a strategic liability.”

Through detailed case studies and threat actor profiling, the High-Tech Crime Trends Report 2026 highlights how 2025 marked a pivotal escalation in supply chain threats—from the weaponisation of open-source ecosystems and the rise of malicious browser extensions to AI-driven phishing, OAuth abuse, and the emergence of an industrialised ransomware supply chain. The report documents sustained activity by supply-chain-focused actors such as Lazarus, Scattered Spider, HAFNIUM, DragonForce, 888, and campaigns linked to Shai-Hulud, underscoring how both criminal groups and state-aligned operators are exploiting the same trusted platforms and integration layers to achieve asymmetric impact at scale.

The High-Tech Crime Trends Report 2026 is powered by unique intelligence from Group-IB’s Digital Crime Resistance Centers (DCRCs) in 11 countries around the world, and adversary-centric telemetry, combined with real-world cybercriminal investigations, and round-the-clock global monitoring of underground ecosystems. It provides actionable insight for enterprises, governments, and law enforcement seeking to anticipate emerging risks and disrupt attack chains before damage occurs.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *