Supply chain cyber attacks are reshaping the threat landscape across Asia-Pacific, as criminals and state-aligned groups increasingly use trusted vendors, software components, and service providers as entry points into broader networks, according to Group-IB’s High-Tech Crime Trends Report 2026.
The Interconnected Threat Ecosystem
The report describes a fundamental shift from single-target intrusions to what it calls a “connected ecosystem of compromised access, trust relationships, and leaked data.” Phishing, ransomware, data theft, and insider abuse now frequently appear as stages within a single chain of activity rather than isolated incidents.
“Today’s cyber threats aren’t isolated events,” said Dmitry Volkov, CEO of Group-IB. “They’re links in a supply chain attack ecosystem, where one compromise can reach thousands of downstream victims. Phishing, ransomware, data breaches, and insider abuse are all phases of the same campaign, built on exploiting trust and extending the cyber threat footprint.”
Dark Web Access Trading
Group-IB documented 263 instances of corporate access from Asia-Pacific being offered for sale on dark web forums and marketplaces during 2025. This access is typically used by initial access brokers and can later be leveraged by other threat actors for espionage, extortion, fraud, or disruption.
Data Leaks as Attack Amplifiers
The report highlights data leaks as a key amplifier of risk. Exposed credentials, source code, API keys, and internal communications provide detailed insight into business processes, supplier relationships, and technology stacks. Combined with brokered access, this information supports impersonation, targeted intrusion, and fraud activity that blends in with legitimate use.
Open-Source Software Under Attack
Package repositories including npm and PyPI have become targets for credential theft and automated malware campaigns. Attackers compromise maintainer accounts and introduce malicious updates into developer pipelines, spreading malicious code at scale through widely used libraries.
Browser-Based Supply Chain Attacks
The report describes a rise in malicious browser extensions, with criminals hijacking developer accounts or manipulating official marketplaces. These malicious add-ons harvest credentials, take over sessions, and capture financial information from within the browser.
AI-Enhanced Phishing Campaigns
Phishing is increasingly designed around identity workflows and high-trust integrations rather than simple credential capture. AI-assisted phishing campaigns now target OAuth flows and single sign-on mechanisms, bypassing multi-factor authentication when users approve malicious prompts or when tokens are stolen after login.
The most targeted industries for phishing attacks in Asia-Pacific during 2025 were:
- Financial services
- Government and military organizations
- Telecommunications
Industrialized Ransomware Supply Chain
Ransomware activity in the region features supply chain characteristics, with specialist roles working in sequence. Group-IB describes an “industrialized” ransomware supply chain involving initial access brokers, data brokers, and ransomware operators.
The sectors most targeted by ransomware groups in Asia-Pacific during 2025 were:
- Manufacturing
- Financial services
- Real estate
AI as a Force Multiplier
Artificial intelligence is lowering the cost and time required to run these campaigns, enabling faster creation of phishing kits, more convincing impersonation, and more scalable exploitation of open-source software, authentication processes, and browser environments.
“AI did not create supply chain attacks, it has made them cheaper, faster, and harder to detect,” Volkov added. “Unchecked trust in software and services is now a strategic liability.”
Threat Actors Named
The report identifies a range of actors associated with supply-chain-focused activity:
- Lazarus (North Korea)
- Scattered Spider
- HAFNIUM (China)
- DragonForce
- 888
- Shai-Hulud
These groups illustrate how criminal organizations and state-aligned operators are targeting similar platforms and integration layers.
Law Enforcement Collaboration
In 2025, Group-IB supported 52 local and international law enforcement agencies across six operations globally. In Asia-Pacific, it assisted the Royal Thai Police and Singapore Police Force in the arrest of ALTDOS, a Singaporean cybercriminal linked to data leaks and cyber extortion targeting healthcare, finance, eCommerce, and logistics.
The company also reported dismantling a cybercriminal network that had compromised more than 216,000 victims, an effort that led to 32 arrests in Asia-Pacific.
Implications for Defenders
The report’s focus on upstream compromise reflects a broader trend in cyber risk management, where organizations must assess not only their own exposure but also the resilience of vendors and technology supply chains. This has increased attention on:
- Software provenance
- Identity security
- Third-party access controls
- Monitoring of developer tooling and browser-based risk
Read the full report from SecurityBrief Australia.
