Indonesian Political, Business & Finance News

The Evolution of Supply Chain Attacks: Integrated Cyber Threats in the Asia-Pacific Region 2026

| By Basuki Eka Purnama | Source: MEDIA_INDONESIA Translated from Indonesian | Technology
The Evolution of Supply Chain Attacks: Integrated Cyber Threats in the Asia-Pacific Region 2026
Image: MEDIA_INDONESIA

The High-Tech Crime Trends Report 2026, released by Group-IB, has revealed a dramatic shift in the cybersecurity landscape across the Asia-Pacific region. Attacks on supply chains are no longer isolated incidents but have evolved into an integrated ecosystem of attacks that exploits digital trust. Rather than directly attacking corporate security systems, hackers now increasingly target upstream vendors and service providers. This strategy allows perpetrators to gain access to entire customer networks through a single security vulnerability.

Throughout 2025 alone, 263 instances of compromised corporate access in the Asia-Pacific region were traded on the dark web to facilitate such attacks. Group-IB Chief Executive Officer Dmitry Volkov emphasised that current cyber threats are interconnected within coordinated campaigns. “Cyber threats today are no longer isolated incidents. They are all interconnected within a supply chain attack ecosystem. A single vulnerability can impact thousands of other parties. Phishing, ransomware, data breaches, and misuse of internal access represent stages in a single coordinated campaign built by exploiting trust and expanding the reach of cyber threats,” Volkov stated.

The report details several key trends warranting vigilance, including the exploitation of open-source repositories such as npm and PyPI. Hackers hijack administrator accounts to automatically insert malware into widely-used libraries. Additionally, there has been a surge in the use of malicious web browser extensions designed to steal credentials and financial data directly from victim browsers.

Artificial intelligence plays a significant role in accelerating attack frequency. AI-enabled phishing campaigns can now target OAuth-based login flows to bypass multi-factor authentication (MFA) protections. Volkov further noted that AI makes attacks more efficient and harder to detect, rendering excessive trust in software a strategic risk for enterprises.

Across industries, financial services, government, military, and telecommunications became primary targets of phishing campaigns in the Asia-Pacific throughout 2025, whilst ransomware groups increasingly targeted manufacturing and property sectors.

In response to these threats, Group-IB continues to strengthen international collaboration. One significant success has been support provided to law enforcement in Thailand and Singapore in apprehending ALTDOS, a hacker involved in major data breaches across various sectors. In total, these law enforcement efforts have dismantled a network that harmed over 216,000 victims across the Asia-Pacific region.

Indonesian businesses faced the highest number of ransomware attacks (57,554) throughout the previous year compared to other countries in the Southeast Asian region. During 2024, Kaspersky’s anti-phishing technology detected more than eight million phishing attempts targeting Indonesian users.

View JSON | Print