Seoul : Hackers linked to North Korea are suspected of an ambitious attack on an inconspicuous but widely used software package, Google analysts and other cybersecurity experts said Wednesday.
The cyberattack on a technical tool called Axios, which has tens of millions of weekly downloads by developers, could have far-reaching implications.
A Google Threat Intelligence blog post said the impact of the attack “by North Korea-nexus actors” is “broad and has ripple effects” as other popular packages rely on Axios.
“Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks.”
That could enable further cyberattacks including ransomware, extortion and cryptocurrency theft, it said.
Google on Wednesday described Axios as “the most popular JavaScript library used to simplify HTTP requests” — a behind-the-scenes part of computer programming targeted in the so-called “supply chain attack”.
The tools used were similar enough to those wielded in previous attacks to point the finger at a “financially motivated North Korea-nexus threat actor active since at least 2018”, Google said.
A UN panel estimated in 2024 that North Korea had stolen more than $3 billion in cryptocurrency since 2017.
The stolen money helps fund the country’s nuclear weapons program, the panel said.
Separate analysis of the hack, allegedly carried out on Tuesday, was also published Wednesday by several cybersecurity companies.
In one example, Elastic Security Labs also said it suspected a “DPRK-linked threat cluster”, using the initials of North Korea’s official name.
The attacker gained control of an account that manages the Axios project and published two “backdoored” versions of the software package, it said.
Computer programmers use Axios to send requests to servers, allowing software to connect to the web, according to Bloomberg.
Other companies including StepSecurity warned developers that had installed the two versions to assume their system had been compromised.
North Korea’s cyber-warfare programme dates back to at least the mid-1990s.
It has grown to a 6,000-strong cyber-warfare unit known as Bureau 121 that operates from several countries, according to a 2020 US military report.
Disclaimer : This story is auto aggregated by a computer programme and has not been created or edited by DOWNTHENEWS. Publisher: deccanchronicle.com
