Cybercrime surge hits technology sector as AI & supply chain attacks rise

New research has detailed how cybercriminals are increasingly targeting technology companies, leveraging advanced technologies and dark web marketplaces to intensify the impact of their attacks across global industries.

The latest threat intelligence series from Trustwave details how both the pace and sophistication of cyber threats facing the technology sector have increased, with attackers now utilising supply chain vulnerabilities, artificial intelligence (AI), and stolen credentials to gain access to broader digital ecosystems.

Supply chain attacks

Trustwave's analysis reveals that access to sensitive components—such as GitLab API keys—can be sold on the dark web for up to USD $1,400, with such credentials marketed specifically for use in supply chain attacks. The report also highlights that credentials harvested through infostealers are actively traded and weaponised by attackers, providing a route to infiltrate technology providers with the aim of moving laterally across entire supply chains and partner networks.

Instead of simply targeting individuals with stolen logins, cybercriminals are utilising these credentials to access wider digital infrastructures. Once inside, they are able to traverse interconnected services and platforms, opening potential backdoors into multiple organisations.

Rise in ransomware targeting tech companies

Trustwave SpiderLabs found that ransomware activity is increasingly focusing on technology vendors, with 85 percent of ransomware incidents in early 2025 impacting this sector, as opposed to end-user companies. Prominent ransomware groups such as Ransomhub, CLOP, Akira, and Fog have intensified their campaigns, driving a 10 percent weekly increase in attacks against technology organisations worldwide.

The report notes that these attacks often feature double extortion tactics and mass data exfiltration, primarily affecting software, cloud, and infrastructure providers. Attacks exploiting third-party dependencies, CI/CD (continuous integration and continuous deployment) pipelines, and open-source libraries have also led to widespread breaches, sometimes originating from just a single compromised vendor.

Legacy systems and public exposure

Publicly exposed services remain a persistent risk, with minimal changes in overall exposure year-on-year. However, the continued use of legacy operating systems and new, vulnerable network ports are providing ongoing opportunities for threat actors to gain footing in technology environments.

Weaponisation of AI

The research indicates that offensive AI is enabling cybercriminals to craft more effective phishing campaigns, social engineering threats, and supply chain attacks. This increase in sophistication is reflected in both the scale and success rate of cyber intrusions targeting technology firms.

Professionalisation of cybercrime

The dark web is underpinning a professional and collaborative cybercriminal ecosystem, with attackers monetising data and access obtained from successful breaches. The increasing value and frequency of supply chain attacks are being driven by this underground marketplace, as criminal groups work together to amplify their reach.

"The technology sector's relentless pace of innovation is matched only by the creativity and determination of today's cyber adversaries. Our latest research shows that cybercriminals are not just keeping up—they're industrializing their operations, exploiting supply chains, and weaponizing AI," said Kory Daniels, CISO at Trustwave. "Trustwave is committed to helping technology organizations build resilience through world-class threat intelligence, MDR, and security solutions that address the realities of a hyper-connected digital world."

Trustwave's reports, including the 2025 Risk Radar Report: Technology Sector and research supplements on AI threats and dark web supply chain attacks, offer a comprehensive look at these evolving risks.

Recommendations for technology organisations

Trustwave SpiderLabs has issued several recommendations for technology firms to better protect themselves in this hostile environment. Organisations are urged to implement robust identity and access controls—such as multi-factor authentication and least-privilege policies—and to maintain regular inventories, assessments, and patches for all systems, particularly those exposed to the public internet.

The guidance also includes ongoing monitoring for dark web leaks and third-party risk via advanced threat intelligence, investing in AI-powered security solutions to detect and counter emerging attacks, and bolstering employee readiness through ongoing security training and incident response practice.

These recommendations reflect the growing recognition that technology organisations serve as a digital backbone for industries globally, making their protection critical to wider economic and operational stability in the face of sustained cyber threats.