© ROOT-NATION.com - Use of content is permitted with a backlink.
North Korean cybercriminals have gained access to the popular Axios software used by thousands of companies in the United States. On Tuesday, they controlled the system for three hours, CNN reports.
According to cybersecurity experts, the attack targeted the supply chain, and it could take months to restore the system. Experts predict that the campaign will have long-term consequences related to the theft of cryptocurrency to finance the North Korean regime, which often uses these funds to develop nuclear and missile programs.
On Tuesday morning, hackers with ties to Pyongyang gained control of an Axios software developer account. They used this access to send malicious updates to all organizations that downloaded the program during those three hours. Axios is used by companies from various sectors of the economy, from healthcare to finance. The software simplifies the creation and management of websites, and some cryptocurrency and technology companies are actively using it in their operations.
Google-owned cyberintelligence firm Mandiant has identified the culprits as a suspected North Korean hacker group. Mandiant CTO Charles Carmackal told CNN: “We expect the hackers to use the credentials and system access gained in this attack to steal cryptocurrency from businesses. Assessing the impact of this campaign will take months.” John Hammond, a security researcher at Huntress, said that his company has identified approximately 135 infected devices belonging to 12 companies. This is only a fraction of the potential victims, a number that is likely to grow as organizations realize they have been breached.
This attack is another large-scale supply chain hack attributed to Pyongyang. Three years ago, North Korean hackers infiltrated another popular software provider that was used by healthcare companies and hotel chains for voice and video calls. North Korea’s powerful cyber group is an important source of revenue for the country, which is under international sanctions and possesses nuclear weapons. In recent years, North Korean hackers have stolen billions of dollars from banks and cryptocurrency companies, according to UN and private firm reports.
According to a White House official, in 2023, about half of the funding for North Korea’s missile program came from such digital heists. Last year, hackers stole $1.5 billion in cryptocurrency in a single transaction, the largest crypto hack in history. Ben Reed, director of strategic threat intelligence at Wiz, said: “North Korea is not concerned with reputation or risk of detection. High-profile operations are an acceptable price for them.”
Hammond described the attack as “perfectly timed” given the introduction of AI agents that automatically develop software in organizations without additional controls or restrictions.
Read also:
- Your files are safe: Google introduces “rollback button” after cybercriminal attacks
- Tesla launches Cybercab without steering wheel and pedals in April