Software supply chain attacks have been steadily climbing, with recent data pointing to a 25% surge in incidents. This rise underscores the increasing sophistication of threat actors in breaching the complex web of interconnected software, hardware, and service providers that make up today’s IT environments.
According to an analysis of Cyble data, the average number of software supply chain attacks rose from under 13 per month (February–September 2024) to over 16 per month (October 2024–May 2025). The most recent two months saw nearly 25 incidents on average, suggesting a potential doubling of attack volume if current patterns hold. Still, month-to-month fluctuations remain high—with a low of 6 attacks in January 2025 and a peak of 31 in April 2025.
The dataset, compiled from Cyble’s investigations and open-source intelligence (OSINT), is not exhaustive, as many incidents remain undisclosed or undetected.
From January to May 2025, Cyble documented 79 cyberattacks with supply chain implications. Of these, 63% (50 incidents) were aimed at IT, technology, and telecommunications companies—prime targets due to their downstream influence. A single exploited vulnerability in these sectors can have a cascading effect, as seen in the widespread CL0P ransomware breaches.
Supply chain-related incidents touched 22 out of 24 tracked sectors, sparing only the Mining and Real Estate industries. In non-tech verticals, attackers often breached through third-party vendors and industry-specific service providers.
Regionally, the U.S. led with 31 reported incidents, followed by Europe (27) and APAC (26)—with India (9) and Taiwan (4) among the most affected in the Asia-Pacific region. The Middle East and Africa recorded 10 incidents, including four each in the UAE and Israel.
Cyble also detailed 10 major incidents, such as:
- Everest Ransomware claiming an attack on a Swiss banking tech firm, with stolen login credentials to banking apps.
- Akira ransomware affecting an IT services arm of a global conglomerate, reportedly disrupting projects linked to government bodies.
- A DarkForums threat actor advertising 92 GB of data related to a satellite project for Indonesia and ASEAN countries.
- Hellcat ransomware breaching a China-based electronics firm, exfiltrating 166 GB including blueprints and financial records.
- DragonForce targeting a U.S. biometric tech firm and extracting over 200 GB of data.
- VanHelsing ransomware infiltrating a U.S. enterprise security company, compromising potentially sensitive BFSI sector data.
- A threat actor on Exploit offering admin-level access to an Indian fintech firm’s cloud systems.
- Crypto24 extortion group claiming a 3TB breach of a Singapore-based tech firm.
- Killsec hacking group compromising an Australian IT and telecom solutions provider, leaking critical configuration data.
- A DarkForums actor offering access to an Australian telecom company’s domain admin portal for $750.
“Protecting against software supply chain attacks is challenging because these partners and suppliers are, by nature, trusted,” Cyble noted.
To mitigate risks, experts recommend:
- Network microsegmentation
- Restrictive access controls and regular validation
- Biometric and multi-factor authentication
- Encrypted data at rest and in transit
- Ransomware-resistant, air-gapped backups
- Honeypots for early breach detection
- API and cloud configuration hygiene
- Proactive monitoring via SIEM, Active Directory, and DLP tools
- Routine audits, scans, and pen testing
The most strategic defense, Cyble suggests, lies within the CI/CD pipeline. Organizations must vet vendors thoroughly, incorporate security mandates in contracts, and make cybersecurity a core purchasing criterion. Leveraging services like Cyble’s third-party risk intelligence can accelerate this process and promote stronger security compliance among suppliers.
As threat actors evolve, organizations must embrace a layered, proactive approach to software supply chain security—treating it not as an IT concern, but as a critical business imperative.
