Full Report
IT and software supply chain attacks have surged in recent months, as threat actors have gotten better at exploiting supply chain vulnerabilities, Cyble threat intelligence researchers reported this week.

In a June 9 blog post, Cyble researchers said software supply chain attacks have grown from just under 13 a month during February-September 2024 to just over 16 a month from October 2024 to May 2025, an increase of 25%. However, the last two months have seen an average of nearly 25 cyberattacks with supply chain impact, a near-doubling of supply chain attacks from the year-ago period (chart below).

[Figure: Software supply chain attacks by month 2024-2025 (Cyble)]

The researchers noted that because of the sophisticated nature of supply chain attacks, monthly variations can be quite large “so some variability should be expected even as supply chain attacks generally trend higher.” They also noted that not every cyberattack or its source is known, so such data “is by its nature incomplete.”

## Software Supply Chain Attacks: IT Targeted

The researchers looked specifically at 79 supply chain attacks in the first five months of 2025. Of those, 50, or 63%, directly targeted IT, technology, and telecom companies, which are valuable targets for threat actors looking to exploit downstream users.

“Damage from a single successful exploit in those areas can be widespread, as happened with the hundreds of CL0P ransomware victims from a single vulnerability,” Cyble said. Those CL0P victims helped make February a record month for ransomware attacks.

Of 24 industries tracked by Cyble, only two sectors – Mining and Real Estate – were untouched by supply chain attacks in the first five months of 2025. In non-tech industries, supply chain attacks often come via third parties, service providers, and industry-specific solutions.

The U.S. was targeted in 31 of the 79 incidents. European countries were targeted in 27, with France (10 incidents) leading other European countries by a significant margin. 26 incidents targeted APAC countries, led by India (9) and Taiwan (4). The Middle East and Africa were targeted in 10 supply chain attacks, with the UAE and Israel leading with four incidents each.

## Supply Chain Attack Examples

Cyble detailed 10 of the supply chain attacks to show the range of industries and data exposed. Targets included:

- A ransomware attack on a Swiss banking technology solutions and services company that included exfiltrated login credentials for banking applications.
- An IT services subsidiary of a large international conglomerate was hit by a ransomware attack that may have “impacted multiple projects tied to government entities.”
- A threat actor on the cybercrime forum DarkForums was selling “a large dataset allegedly pertaining to a high-throughput telecommunications satellite for Indonesia and some ASEAN countries.” The data allegedly included technical documents related to propulsion tests, launch analyses, ground systems, and site vulnerabilities.
- Blueprints were allegedly among the stolen data in a Hellcat ransomware group attack on a China-based company specializing in display technologies and electronic solutions.
- The DragonForce extortion group claimed to have stolen 200 GB of data from a U.S. company specializing in biometric recognition and identity authentication solutions.
- The VanHelsing ransomware group claimed an attack on a U.S.-based company specializing in enterprise security and identity access management (IAM) solutions. “The nature of the exposed files suggests they may contain sensitive information linked to the company's customers, potentially affecting sectors such as Banking, Financial Services, and Insurance (BFSI),” Cyble said.
- A threat actor on the cybercrime forum Exploit was selling “unauthorized access with administrative privileges” to the cloud infrastructure of an Indian fintech company that offers SaaS-based payment service solutions.
- A cyberattack on a Singapore-based technology company allegedly led to the theft of 3TB of data, including database content and technical and project documentation.
- An attack on an Australian IT and telecom solutions company may have exposed licensing and application configuration files, hashed credentials, and other critical data.
- A threat actor on DarkForums was selling unauthorized access to a portal belonging to an Australian telecommunications company that allegedly included access to domain administration tools and other critical network information.

## Protecting Against Supply Chain Attacks

The researchers noted that protecting against supply chain attacks “is challenging because these partners and suppliers are, by nature, trusted.” Building in controls and resilience should be priorities, including:

- network microsegmentation
- strong access controls
- encryption of data at rest and in transit
- ransomware-resistant backups
- honeypots for early breach detection
- proper configuration of API and cloud service connections
- monitoring for unusual activity

“The most effective place to control software supply chain risks is in the continuous integration and development (CI/CD) process, so carefully vetting partners and suppliers and requiring good security controls in contracts are important ways to improve third-party security,” Cyble said.
Analysis Summary
# Industry News: Escalating Software Supply Chain Attacks Demand Increased Third-Party Risk Management
## Summary
Cybersecurity reports indicate a significant surge in successful software supply chain attacks targeting organizations across multiple sectors, including finance and telecommunications, leveraging breaches in trusted partners and suppliers. This trend underscores the inherent risk in relying on third-party infrastructure and software components, driving an urgent need for enhanced security controls in development pipelines and vendor contracts.
## Key Details
- **Date:** Announced around Tuesday, June 10, 2025 (based on article date).
- **Companies Involved:** Cyble (researcher/reporter), various targeted entities in BFSI, technology, and telecommunications sectors globally (India, Singapore, Australia mentioned).
- **Category:** Threat Landscape Analysis / Trend Identification.
## The Story
Researchers noted a substantial increase in attacks exploiting weaknesses within the software supply chain. Recent incidents highlight threat actors gaining unauthorized administrative access to cloud infrastructure and stealing sensitive data (including customer information, technical documentation, and network controls) from smaller, trusted technology partners. Specific examples cited include breaches impacting Indian fintech platforms, Singaporean tech companies, and Australian IT/telecom providers, indicating a widespread geographical and sectoral impact. The core challenge remains that suppliers are inherently trusted, making defenses difficult.
## Business Impact
### For the Companies Involved
- **Direct implications:** Severe reputational damage, significant regulatory fines due to data exposure (especially in heavily regulated sectors like BFSI), operational disruption, and high costs associated with incident response and remediation. The theft of source code or configuration files poses an ongoing risk.
### For Competitors
- **Competitive landscape impact:** Companies that can rapidly demonstrate robust third-party risk management (TPRM) and secure software development lifecycle (SSDLC) practices may gain a competitive advantage, positioning themselves as more reliable partners.
### For Customers
- **Impact on end users:** Increased risk of identity theft, financial fraud, and service disruption stemming from compromised software or infrastructure used by their service providers. Customers are forced to question the security posture of every vendor they utilize.
### For the Market
- **Broader market implications:** Increased scrutiny from regulators on vendor due diligence requirements. This trend is expected to drive significant investment into Security Posture Management tools focused specifically on the software development and supplier ecosystems.
## Technical Implications
The attacks emphasize vulnerabilities residing within the Continuous Integration/Continuous Deployment (CI/CD) pipelines. Effective mitigation requires technical controls such as network **microsegmentation**, robust **access controls**, mandatory **encryption** for data in transit and at rest, implementation of **ransomware-resistant backups**, and deploying **honeypots** for early detection of lateral movement from compromised partners.
## Strategic Analysis
- **Market Positioning:** Vendors specializing in Application Security Testing (AST), SBOM (Software Bill of Materials) generation, and advanced TPRM solutions are well-positioned for growth as organizations urgently seek external validation of supplier security.
- **Competitive Advantage:** Organizations that integrate security deeply into procurement and contractual obligations—treating supplier security as a baseline requirement, not an optional add-on—will build stronger resilience.
- **Challenges:** Difficulty in enforcing consistent security standards across a disparate global network of suppliers and integrating these controls without overly burdening development velocity.
## Industry Reactions
- **Analyst opinions:** Analysts underscore that organizations must shift focus from perimeter defense to inherent code and supplier verification. The "trusted partner" assumption is officially dead.
- **Expert commentary:** Experts stress that contractual agreements must mandate stringent security controls (like mandatory third-party audits) for suppliers handling critical data or code.
- **Market response:** Anticipated market shift towards adoption of standards like SSDF (Secure Software Development Framework) across the vendor base.
## Future Outlook
- **Predictions and expectations:** We expect governments and industry bodies to introduce stricter liability rules concerning breaches originating from the supply chain.
- **What to watch for:** Increased M&A activity targeting smaller security firms that offer specialized solutions for validating third-party CI/CD environments.
## For Security Professionals
Security teams must immediately prioritize auditing relationships with critical third-party vendors, focusing on access provenance, code injection points, and data handling practices. Implementing stricter network access segmentation *around* third-party connections is critical, as is ensuring comprehensive disaster recovery plans that account for supply chain compromise scenarios.