The global IT sector is facing growing cybersecurity challenges as nation-state threat groups and cybercriminals continue to expand their attacks. A recent security report highlights how technology companies have become prime targets for espionage, intellectual property theft, supply chain compromises, and financial extortion.
According to the report, several China-linked threat groups carried out significant cyber operations over the past 12 months. These included attacks targeting technology firms, cloud service users, and organizations using enterprise software platforms. Security researchers noted that technology companies remain attractive targets because access to these firms can provide valuable intelligence and potential entry points into customer networks.
The report also revealed a strong focus on the IT sector by North Korean cyber actors. Alongside remote IT worker schemes, North Korean-linked groups reportedly exploited trust within open-source developer communities. Attackers used malware-infected repositories to trick developers into compromising macOS and Linux systems, enabling wider espionage campaigns.
Researchers noted that while China-linked operations stood out for their sophistication, North Korean campaigns were notable for their scale. One North Korea-linked group, Famous Chollima, accounted for 47% of all government-linked cyberattacks targeting IT companies during the reporting period.
Cybercrime remained the dominant threat, representing 65% of all attacks against the IT sector. Hacker groups including Scattered Spider, ShinyHunters, and Crimson Collective were linked to several major incidents. One attack allegedly resulted in the compromise of 570GB of sensitive data, including customer infrastructure and configuration information.
The report also highlighted the growing role of artificial intelligence in cybercrime. Criminal groups are increasingly using AI-powered tools to automate credential theft, accelerate attacks, and remove forensic evidence more efficiently. Weaknesses in AI platforms have also created new opportunities for attackers. During the first months of 2026, multiple groups reportedly distributed malware, including a macOS information stealer known as Skrawl, by exploiting vulnerabilities in the AI agent OpenClaw.
Technology firms continued to face significant extortion pressure. Threat actors claimed to have targeted 572 technology companies through leak sites, while dark web forums advertised compromises involving 277 technology firms, marking an increase of nearly 30% compared to the previous year.
North America experienced the highest concentration of attacks, accounting for 45% of intrusions within the IT sector and 49% of extortion victims listed on data-leak platforms.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.