Security experts warned on Tuesday that a software package used by thousands of US corporations has been compromised by suspected North Korean hackers in a significant supply-chain attack that may take months to recover from.
Experts responding to the attack said they foresee a long-term operation to steal crypto to assist the North Korean state, which frequently spends the stolen funds on nuclear and missile projects.
For three hours on Tuesday morning, the Pyongyang-affiliated hackers gained access to the account of a software developer who oversees the open-source program Axios. The software developer scrambled to retake control of his account, while cybersecurity executives nationwide scrambled to assess the damage after the hackers exploited that access to distribute malicious updates to any firm that downloaded the software during that period.
Axios makes the process of creating and maintaining websites easier for businesses in almost every industry, including health care and finance. The program is used by several crypto companies as well as tech companies involved in the sector.
Google-owned cyber-intelligence company Mandiant claimed that a suspected North Korean hacker squad was at fault.
Charles Carmakal, chief technology officer at Mandiant, said, “We anticipate they will try to target and steal cryptocurrency from enterprises using the credentials and system access they recently obtained in this software supply chain attack.” “Evaluating the campaign’s downstream effects will probably take months.”
According to John Hammond, a security researcher at Huntress, his company has found over 135 hacked devices from about 12 different businesses. However, that is only a small portion of the victims, a number that is anticipated to grow as more businesses realize they were compromised.
This is just Pyongyang’s most recent widespread supply-chain assault. Three years ago, North Korean agents allegedly gained access to another well-known software vendor whose product was used for audio and video conversations by hotel chains and healthcare organizations.
For the sanctioned, nuclear-armed nation, North Korea’s powerful hacker corps is a vital source of income. According to estimates from the UN and private companies, North Korean hackers have stolen billions of dollars from banks and cryptocurrency companies over the past few years.
According to a White House official in 2023, around half of North Korea’s missile development has been financed by these digital thefts.
In what was then the biggest cryptocurrency theft ever, North Korean hackers stole $1.5 billion in cryptocurrencies in a single attack last year.
According to Ben Read, head of strategic threat intelligence at Google-owned security firm Wiz, “North Korea isn’t worried about its reputation or being eventually identified, so even though these types of operations are very noisy and high profile, that’s a price they’re willing to pay.”
Given the use of AI agents that create software at companies “without any review or guardrails,” Hammond called the exploit “perfectly timed.”
“Too many people don’t read what gets put in the ingredients anymore, which is the biggest weakness in the entire software supply chain,” Hammond said.






