Wednesday, April 1, 2026


North Korea-linked hackers target widely used background software in major cyber breach

In a concerning cybersecurity development, attackers linked to North Korea have compromised a widely used software tool that quietly powers many everyday online services, raising risks of large-scale data theft.

According to a tech company, the hackers targeted Axios, an open-source program that connects apps and web services, by inserting malicious code into an update released on Monday. The breach was identified early on Tuesday by cybersecurity researchers.

“Every time you load a website, check your bank balance, or open an app on your phone, there’s a good chance Axios is running somewhere in the background making that work,” said Tom Hegel, a senior researcher at SentinelOne.

The injected malware, which has now been removed, could have allowed attackers to access sensitive computer data, including login credentials. These credentials could then be used for further cyberattacks or data theft.

As Axios is open-source software, its code can be freely modified, making it a potential target for such attacks. Experts described the incident as a supply chain attack, where compromised software can impact multiple downstream users.

“You don’t have to click anything or make a mistake,” Hegel said. “The software you already trust did it for you.”

The attack has been linked to a group tracked as UNC1069, which has reportedly been active since at least 2018 and is known for targeting cryptocurrency and financial sectors.

“North Korean hackers have deep experience with supply chain attacks, which they primarily use to steal cryptocurrency,” said John Hultquist, chief analyst for the tech company’s threat intelligence group.

According to government sources, stolen cryptocurrency is often used by North Korea to fund weapons programs and bypass international sanctions.

Researchers also found that versions of the malware could infect macOS, Windows, and Linux systems, increasing its potential reach. A cybersecurity firm noted that the attackers gained a delivery mechanism with access to millions of environments, though the exact number of downloads remains unknown.

Efforts to contact the developers and the hackers have not received responses.
