According to CNN, the attack is a classic supply chain breach. Hackers managed to insert malicious code into a widely used open-source software package called “Axios,” which is utilized across multiple industries—from healthcare to finance—including firms operating in the crypto space.
The attackers, linked to North Korea, briefly gained access to a developer’s account and, within a three-hour window, published compromised updates that reached every user who downloaded the software during that time. This triggered an immediate response from cybersecurity experts, who are still working to assess the full scale of the damage.
Mandiant, a cybersecurity firm owned by Google, believes the operation is part of a long-term campaign focused on cryptocurrency theft. The attackers are expected to leverage stolen credentials and access points for further intrusions.
Initial findings from Huntress show that at least 135 devices across roughly 12 organizations have already been compromised. However, experts warn that this is likely just a fraction of the total number of victims, which is expected to grow as more companies investigate.
This incident is part of a broader pattern. In recent years, North Korean hacking groups have stolen billions of dollars, primarily targeting banks and crypto-related companies. Reports from the United Nations suggest that these funds are used to support the country’s nuclear and missile programs.
Last year alone, hackers linked to Pyongyang reportedly stole around $1.5 billion in a single operation—one of the largest crypto heists ever recorded.
Cybersecurity experts warn that attacks like this are becoming increasingly dangerous, especially with the growing use of AI-driven tools in software development, often without proper oversight.
“The biggest weakness in today’s software supply chain is that too many people no longer verify what exactly is being included,” researchers said, noting that the full impact of this breach could take months to understand.




