Hackers from North Korea have bugged software used by thousands of companies across the United States in an attempt to use stolen cryptocurrency to fund the country’s nuclear and missile programs. So far, 135 devices across 12 companies have been confirmed compromised, but more victims could exist. It will take months to fully investigate and recover from what happened.
The targeted tool was Axios, a popular open-source JavaScript library used by developers to handle HTTP requests. The North Korean hacking group was able to access companies’ systems using malware that essentially gives backdoor access to operating systems. The two targeted versions of Axios are downloaded more than 183 million times each week; companies that downloaded it during that time were left vulnerable to the attack.
While the full impact will take months to uncover, it’s believed that hundreds of thousands of company secrets are already out there, making the incident comparable to the worst data breaches.
Why is North Korea hacking U.S. companies?
The North Korean group believed to have hacked Axios is known as UNC1069. Since 2018, this hacking group has targeted the financial sector. “We anticipate they will try to leverage the credentials and system access they recently obtained in this software supply chain attack to target and steal cryptocurrency from enterprises,” said Charles Carmakal, Mandiant’s Chief Technology Officer.
Hacking has become a massive part of North Korea’s revenue, largely spent on its nuclear and missile programs. At this point, the country’s missile program is half-funded through hacking. In the past few years, North Korean hackers have stolen billions of dollars from cryptocurrency firms and banks, including the record-breaking $1.5 billion in crypto stolen last year in a single attack.
This latest hack was the most advanced supply chain attack yet, deleting its own tracks after delivering the payload to the victim’s machine. This way, the attack was harder to detect for developers who unwittingly downloaded the compromised software. At this point, it doesn’t seem like UNC1069 is trying to hide; they just want to get away with it before being identified.
Read the original article on SlashGear.
