North Korean hackers bug software used by thousands of US companies in potential crypto heist attempt

North Korea’s Cyber Operations Target Popular Software in Crypto Fund-Raiding Scheme

Cybersecurity analysts responding to the breach indicated that a suspected North Korean hacking group had infiltrated a widely used software package, potentially setting the stage for a significant cryptocurrency heist. The attack, which targeted the open-source software Axios, was discovered when the Pyongyang-linked hackers gained access to a developer’s account for three hours on Tuesday morning.

Axios, a tool employed by organizations across multiple industries including health care and finance, simplifies website development and management. During the unauthorized access, the hackers distributed malicious updates to any company that downloaded the software, prompting a rapid response from both the developer and cybersecurity teams nationwide. This incident underscores the vulnerability of software supply chains, as experts warn of a prolonged campaign to siphon digital assets for the regime’s financial needs.

Stolen Funds Fuel North Korea’s Nuclear Ambitions

According to reports from the United Nations and private security firms, North Korea has siphoned billions from banks and cryptocurrency firms over recent years. A White House official noted in 2023 that nearly half of the nation’s missile program is funded by such cyber operations. Last year alone, a single attack by North Korean hackers resulted in the theft of $1.5 billion in cryptocurrency, marking the largest recorded breach at the time.

“We anticipate they will try to leverage the credentials and system access they recently obtained in this software supply chain attack to target and steal cryptocurrency from enterprises,” said Charles Carmakal, Mandiant’s chief technology officer.

“North Korea isn’t worried about its reputation or being eventually identified, so while these types of operations are very noisy and high profile, that’s a price they’re willing to pay,” remarked Ben Read, director of strategic threat intelligence at security firm Wiz.

Attack Capitalizes on AI-Driven Software Development

John Hammond, a security researcher at Huntress, described the breach as “perfectly timed,” highlighting the rise of AI agents in software creation. These automated systems, often deployed without thorough review, have created a critical vulnerability in the supply chain. Hammond explained that the attack exploits the growing reliance on unreviewed code updates, leaving organizations exposed to unseen threats.

Experts caution that the downstream impact of this breach could take months to fully uncover, with the number of affected companies expected to grow as more entities realize their systems were compromised. This incident adds to a pattern of North Korean cyber operations, including a previous attack three years ago that targeted a software provider used by healthcare firms and hotel chains for voice and video communications.