Why Supply Chain Cyber Attacks Are on the Rise in 2025

What’s Driving the Surge in Supply Chain Attacks?

We’ve seen a significant increase in software supply chain attacks in 2025. According to Cyble, there have been around 26 supply-chain incidents per month since April of this year, roughly twice the rate of early 2024.

These attacks — observed across sectors including IT, manufacturing and telecommunications — are driven by ransomware, data exfiltration and zero-day exploits. Adversaries increasingly target suppliers and third-party vendors to amplify downstream impact. They also target update mechanisms, for example through compromised software updates, and hardware/software components.

The trend is exacerbated by rapid adoption of AI, cloud dependencies and geopolitical tensions, which create additional entry vectors and complexity in supply chain visibility.

What Are the Major Risks?

The ransomware-as-a-service (RaaS) group Qilin has emerged as a dominant actor in 2025, overtaking previous leaders and exploiting vulnerabilities in enterprise infrastructure. Espionage and state-aligned campaigns are also shifting focus to high-value targets such as semiconductor firms and defense-sector suppliers. For example, Chinese-linked actors reportedly targeted Taiwan’s chip industry in numerous campaigns this spring.

Compounding the issue, visibility into third-, fourth- and nth-party dependencies remains a material gap, with many organizations unaware of how vendor or supplier compromises can cascade through their ecosystems.

What Can Defenders Do? 

Fortunately, there are some steps defenders can take to address this evolving threat. We suggest that organizations should:

  • Maintain comprehensive supply chain visibility, including Software Bills of Materials (SBOMs) and logical mapping of vendor/dependency relationships.
  • Continuously evaluate third-party and vendor risk, with special attention to those providing updates or privileged access.
  • Implement network segmentation, enforce least-privilege access and contain vendor connectivity to limit impact in the event of an attack. 
  • Set up honeypots or canary tokens internally to detect unauthorized access or credential theft before real damage occurs.
  • Monitor in real time for threats, anomalies and suspicious activity, and deploy immutable backups.
  • Conduct purple team and tabletop exercises, including scenarios involving vendor compromise, to test and develop capabilities and response plans. 
  • Engage in public-private information-sharing initiatives and support smaller suppliers in maturing their cyber posture to reduce systemic weak links.
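
To make the SBOM and dependency-mapping recommendation concrete, here is an added example (not code from NetWorks Group or the cited sources) that walks the `dependencies` section of a CycloneDX-style SBOM, labels each component by how many hops it sits from the application, and lists every chain through which one compromised component reaches it. The SBOM content, component names and `bom-ref` values are constructed sample data.

```python
import json
from collections import deque
# Constructed CycloneDX-style SBOM (sample data, not a real product).
SBOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "metadata": {"component": {"bom-ref": "app", "name": "billing-portal"}},
  "dependencies": [
    {"ref": "app",   "dependsOn": ["lib-a", "lib-b"]},
    {"ref": "lib-a", "dependsOn": ["lib-c"]},
    {"ref": "lib-b", "dependsOn": ["lib-c", "lib-d"]},
    {"ref": "lib-c", "dependsOn": []},
    {"ref": "lib-d", "dependsOn": []}
  ]
}
""")

def build_graph(sbom):
    """Map each bom-ref to the refs it depends on."""
    return {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}

def dependency_tiers(sbom, root):
    """Breadth-first walk: tier 1 = direct dependency, tier 2+ = nth-party."""
    graph, tiers, queue = build_graph(sbom), {}, deque([(root, 0)])
    while queue:
        ref, depth = queue.popleft()
        for child in graph.get(ref, []):
            if child != root and child not in tiers:  # tolerate diamonds and cycles
                tiers[child] = depth + 1
                queue.append((child, depth + 1))
    return tiers

def exposure_paths(sbom, root, compromised):
    """Every dependency chain through which `compromised` reaches `root`."""
    graph, paths = build_graph(sbom), []
    def walk(ref, path):
        if ref == compromised:
            paths.append(path)
            return
        for child in graph.get(ref, []):
            if child not in path:  # skip cycles
                walk(child, path + [child])
    walk(root, [root])
    return paths

if __name__ == "__main__":
    root = SBOM["metadata"]["component"]["bom-ref"]
    print(dependency_tiers(SBOM, root))
    print(exposure_paths(SBOM, root, "lib-c"))
```

In this sample, `lib-c` never appears as a direct dependency, yet it reaches the application through two separate chains, which is the kind of nth-party exposure that a flat vendor list hides.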

Vigilant defenders can minimize the risk and impact of these attacks with the right combination of tools, human skill and practiced response plans.

Sources

Cyble: Supply Chain Attacks Have Doubled — What’s Driving the Increase?

Supply & Demand Chain Executive: Software Supply Chain Attacks Surged in April and May

The Hacker News: Qilin Ransomware Ranked Highest in April 2025

Reuters: China-linked hackers target Taiwan's chip industry with increasing attacks

Published By: Daniel Parker, VP of Ethical Hacking, NetWorks Group

Publish Date: October 30, 2025
