Google attributes Axios hack to North Korea
9 hours ago
- #supply-chain-attack
- #open-source-security
- #north-korea-hackers
- Suspected North Korean hackers hijacked the popular JavaScript library Axios through the npm package registry, distributing malicious updates that delivered a remote access trojan (RAT).
- The attack was a supply chain compromise that targeted developers to potentially gain access to millions of devices; it was mitigated within about three hours by the security firm StepSecurity.
- Google attributed the attack to a North Korean threat actor tracked as UNC1069, noting the group's history of using such attacks for cryptocurrency theft.
- The hackers gained control by compromising a primary developer's account and replacing the account's e-mail address to hinder recovery, then pushed malicious updates for Windows, macOS, and Linux.
- The malware was designed to self-delete after installation to evade detection, and security researchers advise affected users to assume their systems are compromised.
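A first step for teams responding to the advice above is to find out whether, and where, the affected package is installed in their projects, including nested copies pulled in by other dependencies. The following lockfile audit is an added example written for this summary; it is not code from Google, StepSecurity or the Axios project. The sample lockfile and the advisory version list are constructed placeholders (the real compromised versions are not given on this page and must come from the vendor advisory).

```python
"""Audit an npm package-lock.json for a named dependency (here axios) and
report every installed copy with its version and integrity hash, flagging
versions listed in an advisory or entries with no integrity hash at all.

Added example; not code from Google, StepSecurity or the Axios project.
SAMPLE_LOCKFILE, SAMPLE_LOCKFILE_V1 and ADVISORY_VERSIONS are constructed
placeholders, not real lockfiles or real compromised versions."""
import json

# Constructed sample in the npm lockfileVersion 3 layout. Keys under
# "packages" are paths relative to the project root; copies nested under
# another package live at "node_modules/<parent>/node_modules/<name>".
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"axios": "^1.0.0"}},
        "node_modules/axios": {
            "version": "1.0.0",
            "resolved": "https://registry.npmjs.org/axios/-/axios-1.0.0.tgz",
            "integrity": "sha512-PLACEHOLDER0",
        },
        "node_modules/some-sdk": {"version": "2.3.0"},
        "node_modules/some-sdk/node_modules/axios": {
            "version": "9.9.9",
            "resolved": "https://registry.npmjs.org/axios/-/axios-9.9.9.tgz",
            "integrity": "sha512-PLACEHOLDER1",
        },
    },
})

# Constructed sample in the older lockfileVersion 1 layout (nested tree).
SAMPLE_LOCKFILE_V1 = json.dumps({
    "lockfileVersion": 1,
    "dependencies": {
        "some-sdk": {
            "version": "2.3.0",
            "dependencies": {"axios": {"version": "3.3.3"}},
        }
    },
})

# Placeholder: populate from the vendor advisory; these are NOT real versions.
ADVISORY_VERSIONS = {"9.9.9"}


def find_installs(lock_text: str, name: str) -> list[dict]:
    """Return every installed copy of `name`, including nested ones.

    Handles lockfileVersion 2/3 ("packages" map) and falls back to the
    lockfileVersion 1 nested "dependencies" tree."""
    lock = json.loads(lock_text)
    found: list[dict] = []
    packages = lock.get("packages")
    if packages is not None:
        suffix = "node_modules/" + name
        for path, meta in packages.items():
            # exact match at the root, or a nested copy under another package
            if path == suffix or path.endswith("/" + suffix):
                found.append({
                    "path": path,
                    "version": meta.get("version"),
                    "resolved": meta.get("resolved"),
                    "integrity": meta.get("integrity"),
                })
        return found

    def walk(deps: dict, prefix: str) -> None:
        for dep_name, meta in deps.items():
            path = prefix + "node_modules/" + dep_name
            if dep_name == name:
                found.append({
                    "path": path,
                    "version": meta.get("version"),
                    "resolved": meta.get("resolved"),
                    "integrity": meta.get("integrity"),
                })
            walk(meta.get("dependencies", {}), path + "/")

    walk(lock.get("dependencies", {}), "")
    return found


def audit(lock_text: str, name: str, bad_versions: set[str]) -> list[dict]:
    """Annotate each install: flagged if its version is in the advisory list
    or if it carries no integrity hash (content not pinned, worth a closer look)."""
    report = []
    for inst in find_installs(lock_text, name):
        inst["flagged"] = inst["version"] in bad_versions or not inst.get("integrity")
        report.append(inst)
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_LOCKFILE, "axios", ADVISORY_VERSIONS):
        status = "FLAGGED" if row["flagged"] else "ok"
        print(f"{status:8} {row['path']} version={row['version']} integrity={row['integrity']}")
```

Run it against a real project by replacing `SAMPLE_LOCKFILE` with the contents of `package-lock.json`; nested copies matter because a transitive dependency can pull in a different version than the one pinned at the root, and a lockfile entry with no integrity hash means the installed tarball was never pinned to a known digest.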