Group-IB’s 2026 trends material frames supply-chain compromise as a dominant cybercrime pattern in which attackers abuse trusted vendors, SaaS platforms, open-source projects, managed service providers, and identity integrations. In the threat-actor section, Lazarus is listed as a long-running global actor associated with crypto and energy-and-utilities targeting within the supply-chain-focused threat landscape. The excerpt also highlights ecosystem-wide risks from compromised npm packages, stolen OAuth tokens, legacy-environment exploitation, ransomware partnerships, and phishing-driven identity compromise. For DPRK-focused defenders, the supported takeaway is that Lazarus-relevant exposure sits in the same trust-abuse environment affecting developer, open-source, SaaS, and high-value infrastructure dependencies.