A tainted Axios update has spread through thousands of projects, sparking an extensive US response. Security teams expect months of cleanup and continued attempts to steal cryptocurrency.
A large-scale cyberattack has unfolded in the United States, linked to North Korean groups that breached a popular open-source software package used by thousands of companies along the supply chain. Restoring systems and mitigating the fallout could take months, according to cybersecurity experts.
Cybersecurity analysts working on the incident response expect a prolonged campaign to steal cryptocurrency in order to fund a regime known for its nuclear and missile programs.
On Tuesday morning, attackers tied to North Korea gained access to the developer account for Axios, a popular open-source library. Using this access, they pushed malicious updates to organizations that downloaded Axios, triggering panic among developers and cybersecurity experts in the country as they tried to assess the damage.
Axios is a widely used library for building and managing web projects. It is used across sectors – from healthcare to finance – and among cryptocurrency and tech companies.
Mandiant, Google’s cyber threat intelligence unit, which is investigating the attack, said:
We expect that they will attempt to use the credentials and system access they recently gained during this software supply chain attack to target enterprises and steal cryptocurrency.
– Charles Carmakal
According to Huntress, about 135 compromised devices have been identified so far, belonging to roughly 12 companies. This is likely only a small fraction of the victims, and the total may prove significantly larger once other organizations confirm whether they were breached.
It is likely to take several months to assess the further impact of this campaign.
– John Hammond
This is not the only large-scale supply chain attack tied to Pyongyang. Three years ago, North Korean groups allegedly infiltrated another well-known software supplier whose voice and video communications products were used by security firms and hotel networks.
North Korea’s cyber revenue streams provide substantial income for the country under sanctions. According to the UN and private research firms, in recent years North Korean hackers have stolen billions of dollars from the banking and cryptocurrency sectors.
A White House official said in 2023 that roughly half of North Korea’s missile program funding came from such digital thefts.
Last year, North Korean hackers stole $1.5 billion in cryptocurrency in a single attack – at the time the largest such cyberattack in the world.
North Korea is not worried about its reputation or that it may be identified sooner or later, so while such operations are very loud and noticeable, it’s a price they are willing to pay.
– Ben Reed
The hacking has been described as ‘perfectly timely’ in light of the deployment of AI agents that are developing software in organizations ‘without any review or regulatory norms’.
– John Hammond
Experts emphasize that it is the open nature of the supply chain that creates the greatest risk: many people do not verify what is included in the ‘ingredients’ of software, which can lead to serious disruptions in critical systems.
Analysts continue to monitor developments, as the campaign may change and adapt, requiring increased monitoring of supply chains and strengthening of critical infrastructure protections against similar threats in the future.
Overall, this incident underscores the vulnerabilities of software supply chains and highlights the need for international cooperation in countering cybercrime, including that carried out by North Korea.