Group-IB Report: Networked Supply Chain Cyberattacks to Significantly Transform APAC Cyber Risk Landscape in 2026
Uncovered 263 Instances of Corporate Access in Asia-Pacific Being Sold on the Dark Web in 2025

Group-IB, a leading developer of cybersecurity technologies to investigate, prevent, and fight digital crime, recently released its High-Tech Crime Trends Report 2026, warning that supply chain attacks have evolved into unified ecosystems of compromised trust, access, and data.
The report reveals that as organisations become digitally interdependent, attackers are increasingly targeting upstream vendors and service providers to gain scale, speed, and stealth.
Rather than attacking companies directly, adversaries exploit trusted relationships across the digital supply chain, bypassing traditional defences and gaining access to entire customer networks.
“Today’s cyber threats aren’t isolated events,” said Group-IB CEO Dmitry Volkov. “They’re links in a supply chain attack ecosystem, where one compromise can reach thousands of downstream victims. Phishing, ransomware, data breaches, and insider abuse are all phases of the same campaign, built on exploiting trust and extending the cyber threat footprint.”
In Asia-Pacific, Group-IB uncovered 263 instances of corporate access being sold on the dark web in 2025 to facilitate these attacks.
The cyber risk is amplified by the surge in data leaks, according to the report. Stolen credentials, source code, API keys, and internal communications give attackers insight into business workflows and relationships.
Combined with brokered access, this data enables highly targeted intrusions, impersonation, and fraud campaigns that blend into legitimate activity.
Key Findings in the Group-IB ‘High-Tech Crime Trends Report 2026’
-
Open-source ecosystems under siege: Package repositories such as npm and PyPI have become prime targets, stolen maintainer credentials, and automated malware worms to compromise widely used libraries—turning development pipelines into large-scale distribution channels for malicious code.
-
The rise of malicious browser extensions: Threat actors increasingly weaponise trusted browser add-ons, hijacking official marketplaces and developer accounts to harvest credentials, hijack sessions, and steal financial data directly from users’ browsers.
-
Phishing-driven identity compromise: AI-powered phishing campaigns now target high-trust integrations and OAuth workflows, allowing attackers to bypass MFA and gain persistent, legitimate access to SaaS platforms, CI/CD pipelines, and cloud environments. Financial services, government and military, and telecommunications were the most targeted industries for phishing attacks in the Asia-Pacific region in 2025.
-
Data breaches as force multipliers: Rather than pursuing single-victim leaks, attackers are moving upstream—compromising service providers and integration layers to trigger multi-tenant exposure and cascading downstream impact.
-
An industrialised ransomware supply chain: Initial Access Brokers, data brokers, and ransomware operators now operate as tightly coordinated ecosystems, focusing on upstream access points to maximise operational and financial damage. In 2025, the industries in Asia-Pacific most targeted by ransomware groups were manufacturing, financial services, and real estate.
In 2025, AI-enabled tooling lowered the barrier to entry for threat actors, allowing faster creation of phishing kits, more convincing impersonation, and scalable exploitation of open-source software, authentication flows, and browser environments.
“AI did not create supply chain attacks, it has made them cheaper, faster, and harder to detect,” Volkov added. “Unchecked trust in software and services is now a strategic liability.”
Through detailed case studies and threat actor profiling, the High-Tech Crime Trends Report 2026 highlights how 2025 marked a pivotal escalation in supply chain threats—from the weaponisation of open-source ecosystems and the rise of malicious browser extensions to AI-driven phishing, OAuth abuse, and the emergence of an industrialised ransomware supply chain. The report documents sustained activity by supply-chain-focused actors such as Lazarus, Scattered Spider, HAFNIUM, DragonForce, 888, and campaigns linked to Shai-Hulud, underscoring how both criminal groups and state-aligned operators are exploiting the same trusted platforms and integration layers to achieve asymmetric impact at scale.



