CYBER threats such as phishing and ransomware are often links in a “supply-chain attack ecosystem”, with a single compromise reaching thousands of downstream victims a new report reveals.
The report noted AI was making supply chain attacks cheaper, faster, and harder to detect.
Group-IB recently published its High-Tech Crime Trends Report 2026, warning supply chain attacks have evolved into unified ecosystems of compromised trust, access, and data.
The company reported aiding the Royal Thai Police and Singapore Police Force in the arrest of ALTDOS, a Singaporean cybercriminal responsible for data leaks and cyber extortions targeting logistics, healthcare, finance and e-commerce.
The report notes adversaries that rather than attack companies directly, cyber criminals exploit trusted relationships across the digital supply chain, gaining access to entire customer networks.
“Today’s cyber threats aren’t isolated events,” said Group-IB CEO Dmitry Volkov.
“They’re links in a supply chain attack ecosystem, where one compromise can reach thousands of downstream victims.
“Phishing, ransomware, data breaches, and insider abuse are all phases of the same campaign, built on exploiting trust and extending the cyber threat footprint.”
In the Asia-Pacific, Group-IB uncovered 263 instances of corporate access being sold on the dark web in 2025 to facilitate these attacks.
The cyber risk was heightened by the surge in data leaks, according to the report.
Stolen credentials, source code, API keys, and internal communications gave attackers insight into business workflows and relationships.
The report noted the rise of malicious browser extensions, with threat actors increasingly weaponising trusted browser add-ons, hijacking official marketplaces and developer accounts to harvest credentials, hijack sessions, and steal financial data.
According to the report, initial access brokers, data brokers, and ransomware operators now operated as tightly coordinated ecosystems, focusing on upstream access points to maximise operational and financial damage.
"AI did not create supply chain attacks, it has made them cheaper, faster, and harder to detect,” Mr Volkov said.
“Unchecked trust in software and services is now a strategic liability.”
The High-Tech Crime Trends Report 2026 is based upon Group-IB’s digital crime resistance centres (DCRCs) around the world, and adversary-centric telemetry.