North Korea Hackers Suspected Of Attack On Widely Used Software Tool

seoul : North Korea-linked hackers are suspected of launching an ambitious attack on an inconspicuous but widely used software package, Google analysts and other cybersecurity experts said Wednesday.

A cyberattack on a technical tool called Axios, which is downloaded tens of millions of times weekly by developers, could have far-reaching consequences.

The impact of the attack “by North Korea-affiliated actors” was “widespread and had ripple effects,” the Google Threat Intelligence blog post said, as other popular packages were linked to Axios.

“Hundreds of thousands of stolen secrets could potentially be in circulation as a result of these latest attacks.”

It was stated that this could enable more cyber attacks such as ransomware, extortion and cryptocurrency theft.

On Wednesday, Google described Axios as “the most popular JavaScript library used to simplify HTTP requests,” the behind-the-scenes part of computer programming called “supply chain attack.”

Google said the tools used were sufficiently similar to those used in previous attacks to point to a “financially motivated North Korea-linked threat actor that has been active since at least 2018.”

A UN panel estimated in 2024 that North Korea had stolen more than $3 billion in cryptocurrencies since 2017.

The stolen money helped finance the country’s nuclear weapons program, the panel said.

A separate analysis of the attack allegedly carried out on Tuesday was also published by several cybersecurity companies on Wednesday.

In one example, Elastic Security Labs said it suspected a “North Korea-related threat cluster,” using North Korea’s formal initials.

It was stated that the attacker took control of an account managing the Axios project and published two “backdoor” versions of the software package.

Computer programmers use Axios to send requests to servers, allowing the software to connect to the web, according to Bloomberg.

Other companies, including StepSecurity, warned developers who installed the two versions to assume their systems had been compromised.

North Korea’s cyber warfare program dates back to at least the mid-1990s.

It has grown into a 6,000-strong cyberwarfare unit known as Bureau 121, operating in several countries, according to a 2020 US military report.