Group IB Report: Attackers Are Industrializing Supply Chain Compromise

Modern supply chain attacks are no longer isolated events. Rather, phishing, identity theft, malicious extensions, data breaches, ransomware, and extortion are becoming more and more interrelated steps of a single attack chain, where each step reinforces the next.

This was one of the findings of Group IB’s High-Tech Crime Trends Report 2026, based on Intelligence drawn from Group-IB’s Digital Crime Resistance Centers (DCRCs) across 11 countries worldwide, enriched by adversary-focused telemetry, hands-on cybercriminal investigations, and 24/7 global monitoring of underground ecosystems.

Other key findings include:

Open-source ecosystems are under attack: The package repositories npm and PyPI have become the number one target, with stolen credentials for maintainers and automated malware worms to compromise popular libraries, turning development pipelines into large-scale distribution channels for malware.

The malicious browser extension threat: Threat actors increasingly leverage trusted browser extensions, hijacking official marketplaces and developer accounts to steal credentials, hijack sessions ...