Across the MEA region, the Internet and financial services account for over 80% of phishing activity–Group IB High-Tech Crime Trends Report 2026
Abu Dhabi headquartered Group-IB, a leading creator of cybers its ‘High-Tech Crime Trends Report 2026’, revealing that supply chain attacks have become the dominant force reshaping the global cyber threat landscape.
For organizations across the Middle East & Africa (MEA), where cloud adoption, digital government platforms and fintech ecosystems continue to expand rapidly, the shift toward supply chain compromise represents a growing systemic risk rather than isolated security incidents.
Mapping the web of deceit in supply chain attacks
This year’s High-Tech Crime Trends report reveals that cybercrime has shifted decisively away from isolated intrusions toward ecosystem-wide compromise, where attackers exploit trusted vendors, open-source software, SaaS platforms, browser extensions, and managed service providers to gain inherited access to hundreds of downstream organizations.
Phishing activity
In MEA, phishing activity observed by Group-IB in 2025 shows attackers disproportionately targeting high impact sectors, particularly internet services (52.49%), financial institutions (28.50%) and the logistics sector (11.20%). Although phishing often starts with individual users, compromise within these organizations can trigger cascading effects across customers, partners, and connected ecosystems.
Drawing on worldwide telemetry alongside on-the-ground investigations, the report combines Group-IB’s adversary-centric and global analysis with real-world regional case studies to illustrate how supply chain compromises unfold across industries and geographies.
Compromises
These cases span open-source package poisoning, malicious browser extensions, OAuth token abuse, cascading SaaS breaches, and ransomware operations fueled by upstream access brokers—demonstrating how a single localized intrusion can rapidly escalate into large-scale, cross-border impact.
Powered by Group-IB’s proprietary predictive intelligence, the report finds that modern supply chain attacks no longer operate as standalone incidents. Instead, phishing, identity compromise, malicious extensions, data breaches, ransomware, and extortion increasingly function as interconnected stages of a single attack chain—each reinforcing the next.
Key MEA insights from the High-Tech Crime Trends Report 2026:
Phishing-driven identity compromise: In 2025, phishing activity across the Middle East and Africa increasingly targeted high-trust sectors such as internet services, financial institutions, and logistics providers, accounting for more than 80% of observed phishing activity. This enabled attackers to gain legitimate access and scale attacks across interconnected digital ecosystems.
Access brokerage as a key factor in downstream attacks: The report found over 200 cases of publicly advertised corporate access linked to MEA organizations being offered by Initial Access Brokers (IABs) in 2025.
An industrialized ransomware supply chain: In 2025, ransomware activity across the Middle East and Africa was most heavily concentrated in the GCC, which accounted for over 100 reported incidents.
Supply chain attacks expand the impact beyond the initial victims: The report identified five organizations in the GCC affected by supply chain attacks, mainly within IT services and industrial sectors.
“Cybercrime is no longer defined by single breaches. It is defined by cascading failures of trust,” affirmed Dmitry Volkov, Chief Executive Officer, Group-IB.
“Attackers are industrializing supply chain compromise because it delivers scale, speed, and stealth. A single upstream breach can now ripple across entire industries. Defenders must stop thinking in terms of isolated systems and start securing trust itself, across every relationship, identity, and dependency,” he explained
The findings underscore the need for organizations across the MEA region to prioritize identity protection, third-party monitoring and vendor risk governance as part of the enterprise cybersecurity strategies, a press statement concluded.
