North Korean Hackers Target Axios Software

Popular software library Axios fell victim to cybercriminals believed to be linked to North Korea.

Attackers inserted malicious code into an update of the open-source Axios library. The malicious code remained in the update for about three hours before discovery and removal. During that window, thousands of organizations may have downloaded it.

Experts believe the attack’s primary goal was stealing credentials and subsequently stealing cryptocurrency to fund North Korea’s nuclear and missile programs.

Thousands of American companies use Axios across various industries, from healthcare and finance to crypto. The library downloads approximately 80 million times per week and facilitates data exchange between applications and servers.

Who Is Behind the Attack?

Google and Mandiant attributed the attack to UNC1069, a hacker group linked to North Korea. This group has been active since 2018 and traditionally focuses on the financial sector and cryptocurrency assets.

Related: Maryland Man Charged With Stealing $53 Million From DeFi Platform Uranium Finance

The attack was a classic supply chain attack. Hackers gained access to an Axios developer account and distributed a compromised update. Experts note that attackers may use the stolen credentials for further intrusions into corporate networks.

Consequences and Risks

The full extent of the damage remains unknown, but specialists warn that assessing the impact could take months. Many companies use Axios “invisibly”—it runs in the background when opening websites, checking balances, or using mobile applications.

This is not the first major supply chain attack attributed to North Korean hackers. In recent years, they have repeatedly stolen billions of dollars in cryptocurrency. According to the UN and the White House, some of these funds go toward financing the country’s missile program.

Related: Irish Police Gain Access to Criminal’s Bitcoin Wallet