
North Korean hackers compromise Axios software used by thousands of US companies

Photo: Hackers over the flag of North Korea - vchal/istockphoto.com

Hackers suspected of being linked to North Korea broke into Axios, an open source library widely used by American companies to manage HTTP requests in web applications. The incident occurred on Tuesday morning, when the attackers had access for around three hours to the account of a developer responsible for the project. During this period, they pushed malicious updates to organizations that downloaded the compromised versions.

Companies from different sectors, including healthcare, finance and firms that deal with crypto assets, use Axios to build and maintain their websites and applications. Mandiant, Google's cyber intelligence firm, attributed the attack to a North Korean hacker group. Experts indicate that the main objective is the theft of credentials and access to systems for the subsequent extraction of cryptocurrencies.

Initial access and malicious distribution

The attackers compromised the developer account and published altered versions of Axios to the npm registry. These updates included a malicious dependency that installed a backdoor capable of operating on Windows, macOS and Linux systems. As a result, the malware was automatically distributed to anyone who downloaded the package during the exposure window.

Companies that integrated the affected versions needed to act quickly to isolate systems and assess possible compromises. The race to regain control of the account and remove the malicious code has mobilized security teams across multiple organizations.

Initial victim assessment

Huntress identified approximately 135 compromised devices, belonging to approximately 12 companies. These numbers represent only an initial fraction of potential victims, as many organizations are still investigating whether they downloaded the problematic versions. Weekly downloads of Axios number in the tens of millions, which expands the scope of the incident.

Cybersecurity experts monitor traffic to detect connections to command and control servers used by attackers. The investigation continues to map all affected systems and mitigate remaining risks.

Photo: North Korea - Stephen A. Rohan/shutterstock.com

Prolonged campaign forecast

Charles Carmakal, chief technology officer at Mandiant, stated that the hackers are likely to try to exploit the access gained to steal cryptocurrencies from companies. He estimated that a full impact assessment will require months of detailed analysis in corporate environments. The group held responsible has a history of financially motivated operations whose gains benefit the Pyongyang regime.

John Hammond, a researcher at Huntress, described the attack as perfectly timed, taking advantage of the increasing use of artificial intelligence tools in software development without adequate security reviews. Many companies incorporate open source components without deep vetting, creating supply chain vulnerabilities.

History of similar operations

This case represents yet another episode in a series of supply chain attacks attributed to North Korean hackers. Three years ago, a similar group compromised other popular software used by healthcare chains and hotels for voice and video calling. Cyber operations serve as an important source of revenue for the country, which faces stringent international sanctions.

Reports indicate that hackers linked to North Korea have stolen billions of dollars in cryptocurrencies and bank funds in recent years. Part of these resources finances missile and nuclear programs, according to assessments by authorities and international organizations. Last year, a single attack resulted in the theft of $1.5 billion in crypto assets.

Vulnerabilities in the software supply chain

Axios serves as an invisible but essential tool that allows applications to connect to services on the internet. Its popularity makes the package an attractive target for operations seeking scale and initial stealth. Reliance on open source components without constant verification opens the door to malicious insertions.

Experts recommend that organizations urgently review the use of Axios in their environments and apply available fixes. Removing compromised versions and implementing rigorous package verification processes helps reduce future risks in development projects.

North Korean hackers exploit widely adopted development tools to gain persistent access to corporate networks. The incident reinforces the need for greater attention to the integrity of updates to open source libraries used daily by thousands of companies.