Hacker groups believed to be linked to North Korea reportedly carried out a large-scale supply chain attack by infiltrating a software package used by thousands of companies in the United States.
Cybersecurity experts say it could take months to uncover the full extent of the attack and that it may be part of a long-term cryptocurrency theft campaign.
At the heart of the attack is Axios, a widely used open-source software library. According to authorities, Pyongyang-linked hackers gained access to a software developer’s account for about three hours on Tuesday morning. During this time, malicious updates were sent to organizations that had downloaded the software. Following the incident, the developer took action to regain control of the account, while cybersecurity teams across the country worked to assess the extent of the damage.
The Axios library is widely used in the development of web applications across many sectors, including healthcare, finance, and technology. The fact that cryptocurrency companies and blockchain-based technology firms also rely on this software further amplifies the potential impact of the attack.
Cyber intelligence company Mandiant believes a North Korean-backed hacker group is behind the attack. The company’s chief technology officer, Charles Carmakal, stated that the attackers would use the compromised credentials to target companies and attempt to steal cryptocurrency. Carmakal added, “It may take months to fully understand the downside impact of this campaign.”
John Hammond, a researcher at the cybersecurity firm Huntress, stated that they have so far identified 135 devices belonging to approximately 12 companies as affected, but that this number is only the tip of the iceberg. Experts expect the scope of the attack to expand further in the coming period.
This incident is seen as the latest in a series of large-scale cyber operations carried out by North Korea in recent years. Previously, there were similar allegations of hacking into software used in the health and tourism sectors. According to reports from the United Nations and various private organizations, North Korean hackers have stolen billions of dollars in assets from banks and cryptocurrency companies in recent years.