An analysis of Cyble data reveals that software supply chain attacks have increased from an average of just under 13 a month during the eight months of February-September 2024 to just over 16 a month from October 2024 to May 2025, an increase of 25% in the most recent eight-month period.
The last two months averaged nearly 25 cyberattacks with supply chain impact, representing a near-doubling of supply chain attacks if the recent trend continues.
However, monthly variations in supply chain attacks tend to be quite large, ranging from a low of 6 attacks in January 2025 to a high of 31 attacks in April 2025. So, some variability should be expected even as supply chain attacks generally trend higher, the data suggests.
Key takeaways:
· Looking at the 79 cyberattacks with supply chain implications in the first five months of 2025, the majority (50, or 63%) directly targeted IT, technology, and telecommunications companies. Only the mining and real estate industries remained untouched.
Cyble Inc.
· Among targeted countries, the United States was a target in 31 of the 79 incidents. European countries were targeted in 27 incidents, with France (10 incidents) experiencing the highest number of European attacks. 26 of the incidents targeted APAC countries, led by India (9 incidents) and Taiwan (4). The Middle East and Africa were targets in 10 incidents, including four each in the UAE and Israel.
