North Korean hackers bug software used by thousands of US companies in potential crypto heist attempt

Security analysts believe North Korean hackers have compromised a widely used software package, putting systems at numerous US companies at risk. The breach, identified as a major supply-chain attack, could take months to fully address, according to experts. The critical detail: the attackers gained control of the account of a developer who maintains Axios, an open-source JavaScript library for making HTTP requests that is bundled into web applications and back-end services across many industries. Because Axios is pulled in as a dependency, often indirectly through other packages, a malicious release reaches every downstream build that picks it up.

Malicious Updates Spread Across Organizations

For roughly three hours on Tuesday morning, the Pyongyang-linked group used the developer’s credentials to publish tampered versions of the package; any organization that installed or updated Axios during that window received the malicious code. The discovery triggered a rapid response from the developer and from security teams nationwide, who scrambled to lock down the compromised account, pull the bad releases and work out how far they had spread.

Axios is embedded in applications across sectors ranging from healthcare to finance, which is what makes a poisoned release so consequential. Cryptocurrency exchanges and other firms in the crypto space are among its users. Mandiant, a Google-owned cyber-intelligence firm, confirmed that a suspected North Korean hacking group was behind the breach, linking it to previous attacks attributed to the regime.
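The first question every affected team has to answer is whether a tampered release actually landed in their builds. The script below is an added example, not code from the article, from Mandiant or Huntress, or from the Axios project: it audits an npm `package-lock.json` for every installed copy of a package, including nested transitive copies that a top-level version check would miss, and reports copies whose version appears on an advisory list, copies with no integrity hash, and copies resolved from somewhere other than the public registry. The flagged version `9.9.9`, the dependency `some-sdk` and the whole sample lockfile are constructed placeholders; substitute the versions named in the real advisory and your own lockfile.

```javascript
// Added example (not from the article or the Axios project): audit a
// package-lock.json for every installed copy of a package, nested transitive
// copies included, and flag the ones a compromise advisory lists as malicious.
// Runs offline against the constructed sample lockfile below.

// PLACEHOLDER: this version list is an assumption for illustration only.
// Replace it with the versions published in the advisory for the real incident.
const FLAGGED_VERSIONS = new Set(["9.9.9"]);

const REGISTRY = "https://registry.npmjs.org/";

// lockfileVersion 2/3: flat "packages" map keyed by install path, e.g.
// "node_modules/axios" or "node_modules/some-sdk/node_modules/axios".
function copiesFromPackagesMap(packages, pkgName) {
  const copies = [];
  for (const [path, entry] of Object.entries(packages)) {
    if (path === "") continue; // the root project itself
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    if (name === pkgName) {
      copies.push({ path, version: entry.version, resolved: entry.resolved, integrity: entry.integrity });
    }
  }
  return copies;
}

// lockfileVersion 1: nested "dependencies" tree; walk it recursively.
function copiesFromDependencyTree(deps, pkgName, prefix = "node_modules/") {
  const copies = [];
  for (const [name, entry] of Object.entries(deps || {})) {
    const path = prefix + name;
    if (name === pkgName) {
      copies.push({ path, version: entry.version, resolved: entry.resolved, integrity: entry.integrity });
    }
    copies.push(...copiesFromDependencyTree(entry.dependencies, pkgName, path + "/node_modules/"));
  }
  return copies;
}

function findPackageCopies(lock, pkgName) {
  if (lock.packages) return copiesFromPackagesMap(lock.packages, pkgName);
  return copiesFromDependencyTree(lock.dependencies, pkgName);
}

// One finding per installed copy, each with a list of problems:
//   flagged-version      version is on the advisory list
//   missing-integrity    no SRI hash, so `npm ci` cannot detect a swapped tarball
//   non-registry-source  resolved URL is not the public npm registry
function auditLockfile(lock, pkgName, flagged = FLAGGED_VERSIONS) {
  return findPackageCopies(lock, pkgName).map((copy) => {
    const problems = [];
    if (flagged.has(copy.version)) problems.push("flagged-version");
    if (!copy.integrity) problems.push("missing-integrity");
    if (copy.resolved && !copy.resolved.startsWith(REGISTRY)) problems.push("non-registry-source");
    return { ...copy, problems };
  });
}

// Constructed sample lockfile (not a real project). "some-sdk" is a made-up
// dependency that pins its own nested copy of axios; that nested copy carries the
// placeholder flagged version and has no integrity hash.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { axios: "^1.0.0", "some-sdk": "^2.0.0" } },
    "node_modules/axios": {
      version: "1.6.0",
      resolved: "https://registry.npmjs.org/axios/-/axios-1.6.0.tgz",
      integrity: "sha512-placeholder-hash-for-illustration",
    },
    "node_modules/some-sdk": {
      version: "2.0.0",
      resolved: "https://registry.npmjs.org/some-sdk/-/some-sdk-2.0.0.tgz",
      integrity: "sha512-placeholder-hash-for-illustration",
    },
    "node_modules/some-sdk/node_modules/axios": {
      version: "9.9.9",
      resolved: "https://registry.npmjs.org/axios/-/axios-9.9.9.tgz",
    },
  },
};

if (typeof require !== "undefined" && require.main === module) {
  // Real use: const lock = JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"));
  for (const f of auditLockfile(SAMPLE_LOCK, "axios")) {
    console.log(`${f.path} ${f.version} ${f.problems.length ? "PROBLEMS: " + f.problems.join(", ") : "ok"}`);
  }
}
```

A clean lockfile is necessary but not sufficient: the lockfile records which version is pinned, not when it was installed, so a build that ran `npm install` without a committed lockfile during the window leaves no trace here. Correlate with CI logs, artifact registries and the `node_modules` actually deployed, and treat any host that executed a flagged version as compromised rather than merely "updated", since the attackers' interest was in the credentials and system access the package gave them.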

“We anticipate they will try to leverage the credentials and system access they recently obtained in this software supply chain attack to target and steal cryptocurrency from enterprises,” said Charles Carmakal, Mandiant’s chief technology officer, in an interview with CNN. “It will likely take months to assess the downstream impact of this campaign.”

John Hammond, a researcher at Huntress, noted that his team has found about 135 infected devices connected to 12 companies, though this represents only a fraction of the total victims. The count is expected to grow as more organizations discover their exposure. This incident marks another significant supply-chain breach tied to North Korea, following a similar attack three years ago on a provider of communications software used in the healthcare and hotel sectors.

North Korea’s cyber capabilities are a cornerstone of its financial strategy, enabling the regime to fund its nuclear and missile programs despite international sanctions. Recent reports from the United Nations and private security firms indicate that the country has siphoned billions from banks and cryptocurrency platforms over the years. In 2023, a White House official revealed that nearly half of North Korea’s missile program is supported by digital theft.

“North Korea isn’t worried about its reputation or being eventually identified, so while these types of operations are very noisy and high profile, that’s a price they’re willing to pay,” explained Ben Read, director of strategic threat intelligence at Wiz, a Google-owned security firm. “The whole software supply chain’s biggest weakness has an open door in today’s era where too many people don’t read what gets put in the ingredients anymore,” Hammond added, highlighting the risks posed by AI-driven development tools that lack oversight.

Last year, North Korean hackers executed a single attack that stole $1.5 billion in cryptocurrency, setting a new record for the largest digital heist. Analysts suggest the current breach is part of a coordinated effort to expand their influence in the crypto sector, exploiting the growing reliance on automated software systems. The scale of the attack underscores the persistent threat posed by Pyongyang’s advanced hacking operations.
