Extortion attacks on the rise as hackers prioritize supply-chain weaknesses

(Markus Spiske / Unsplash)

By Eric Geller • Feb 12, 2026

The number of extortion-related cyberattacks increased by roughly 63% in 2025 to 6,800, according to Intel 471’s report, which is based on data from the company’s analysis of dark-web forums. The previous year saw the “rapid ascension” of the Qilin ransomware gang, Intel 471 said, although the Sp1d3r Hunters alliance (composed of Scattered Spider, LAPSUS$ and ShinyHunters hackers) and the Cl0p gang grabbed most of the headlines with high-profile operations.

Businesses should be particularly alert for supply-chain attacks leveraging vulnerabilities in their contractors’ products, the report warned. By compromising a managed service provider or software vendor to access its customers’ systems, a supply-chain attack “leverages established trust, allowing attackers to bypass robust defenses and achieve a much greater impact with significantly less effort,” Intel 471 researchers wrote.

Cleo and Salesloft experienced major breaches that led to significant downstream intrusions in 2025, with researchers attributing the former campaign to Cl0p and noting the potential involvement of Sp1d3r Hunters in the latter campaign. Qilin launched a campaign in September that compromised at least 20 South Korean companies through an intrusion into one of their IT service providers.