Suspected North Korean hackers infiltrated a widely used software package for a few hours, putting thousands of US companies at risk and raising concerns about a possible long-term cryptocurrency theft campaign.
Wide Reach Through a Single Software Package
On a recent Tuesday morning, hackers linked to North Korea gained unauthorized control of an account tied to Axios, a popular open-source JavaScript library used by thousands of companies across various sectors in the United States. Axios helps developers manage web connectivity for their applications, making it a staple in industries ranging from healthcare to finance and technology.
For roughly three hours, the attackers pushed malicious updates to any organization that downloaded Axios during that window. The breach prompted a scramble to regain control of the account and assess the damage, with companies rushing to identify affected systems.
Supply Chain Attack with a Crypto Focus
Mandiant, a cybersecurity firm now owned by Google, attributed the attack to a North Korea-linked hacking group known for targeting cryptocurrency assets. Charles Carmakal, Mandiant’s CTO, warned this is likely just the beginning of a protracted effort to exploit stolen credentials and system access to siphon cryptocurrency from corporate targets.
John Hammond from Huntress, another security company, reported that his team has already spotted 135 infected devices tied to about a dozen companies. But he cautioned this represents only a fraction of the affected parties, as investigations are still unfolding and more victims may surface.
Why Axios?
The Risks of Open-Source Dependencies
Axios is among the most downloaded open-source libraries on npm, the JavaScript package manager, with millions of weekly downloads. Unlike proprietary software, open-source projects rely heavily on community contributions and volunteer maintenance, which can leave gaps in how those projects are secured.
Hackers can use these supply chain weaknesses to slip malware past the usual security measures, because a trusted dependency is installed without the scrutiny applied to unknown code.
Security firm StepSecurity described the attack as one of the most sophisticated supply chain breaches ever documented against a top-10 npm package. The malicious code delivered a remote access trojan capable of contacting command-and-control servers, executing further payloads, and erasing traces of itself to evade detection.
North Korea’s Digital Crime Machine
North Korea’s cyber units use supply chain attacks as one way to make money despite international sanctions. The regime reportedly funnels billions stolen through cybercrime into its nuclear and missile programs. A White House official revealed that about half of North Korea’s missile development is financed by such digital thefts.
Last year, the country’s hackers pulled off a record-setting crypto heist, stealing $1.5 billion in one operation alone. These attacks often involve direct targeting of cryptocurrency firms and banks worldwide, using highly sophisticated tactics to bypass security.
Ben Read, director of strategic threat intelligence at security firm Wiz, pointed out that North Korea doesn’t shy away from high-profile hacks despite the risk of exposure. The regime is willing to accept the consequences to keep funding its military ambitions.
Potential Impact on US Businesses and Beyond
The Axios breach raises alarms not just for private companies but also for government agencies and contractors. Many rely on open-source software like Axios for critical operations, meaning the ripple effects could extend into public sector cybersecurity.
Officials from the FBI and CISA didn’t comment, but experts say this attack method might be copied in future hacks. With hackers gaining remote access, the threat extends beyond immediate theft to potential network infiltration, credential harvesting, and further software compromises.
The full scope of the breach is still unclear, but the scale of Axios's use means the fallout could drag on for months. Recovery requires careful audits and patching across countless organizations, since any project that installed the library during the window, directly or through a nested dependency, needs to be checked. That is a daunting task for cybersecurity teams already stretched thin.
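The audit described above comes down to two questions: which copies of the library are installed in a project, including nested copies pulled in by other dependencies, and were any of them published inside the compromise window. The following is an added example of that check, not code from the article or from the Axios project. It assumes a lockfileVersion 2 or 3 package-lock.json and the npm registry's package metadata, whose `time` field maps each version to its publish timestamp. The lockfile, version numbers, timestamps and window boundaries below are constructed for illustration; the real compromised versions and window come from the project's advisory.

```javascript
// Added example (not from the article or the Axios project): audit a
// package-lock.json for every installed copy of a package and flag copies
// whose version was published inside a suspected compromise window.

// Walk a package-lock.json (lockfileVersion 2 or 3), whose "packages" map is
// keyed by install path, and collect every installed copy of pkgName,
// including nested copies such as node_modules/x/node_modules/axios.
function findInstalledVersions(lock, pkgName) {
  const found = [];
  const packages = lock.packages || {};
  for (const [path, entry] of Object.entries(packages)) {
    if (path === '') continue; // root project entry, not a dependency
    // The segment after the last "node_modules/" is the package name
    // (this handles scoped names and nested installs alike).
    const name = path.split('node_modules/').pop();
    if (name === pkgName && entry.version) {
      found.push({ path, version: entry.version });
    }
  }
  return found;
}

// Given the registry document's `time` map (version -> ISO publish time),
// return the versions published inside [startIso, endIso).
function versionsPublishedBetween(timeMap, startIso, endIso) {
  const start = Date.parse(startIso);
  const end = Date.parse(endIso);
  return Object.entries(timeMap)
    .filter(([v]) => v !== 'created' && v !== 'modified') // metadata keys, not versions
    .filter(([, t]) => {
      const ts = Date.parse(t);
      return ts >= start && ts < end;
    })
    .map(([v]) => v)
    .sort();
}

// Combine both: which installed copies match the suspect version list.
function auditLockfile(lock, pkgName, suspectVersions) {
  const suspect = new Set(suspectVersions);
  return findInstalledVersions(lock, pkgName).filter((e) => suspect.has(e.version));
}

// --- Constructed sample data: versions and timestamps are NOT real ---
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/axios': { version: '1.99.0' },
    'node_modules/some-sdk': { version: '2.0.0' },
    'node_modules/some-sdk/node_modules/axios': { version: '1.98.0' },
    'node_modules/@scope/axios-helper': { version: '0.1.0' },
  },
};

// Same shape as the registry document's `time` field; values are constructed.
const SAMPLE_TIMES = {
  created: '2020-01-01T00:00:00.000Z',
  modified: '2026-01-01T12:00:00.000Z',
  '1.98.0': '2025-12-01T00:00:00.000Z',
  '1.99.0': '2026-01-01T09:30:00.000Z',
  '1.99.1': '2026-01-01T12:00:00.000Z',
};

// PLACEHOLDER window: replace with the window from the maintainers' advisory.
const WINDOW_START = '2026-01-01T09:00:00Z';
const WINDOW_END = '2026-01-01T12:00:00Z';

const suspectVersions = versionsPublishedBetween(SAMPLE_TIMES, WINDOW_START, WINDOW_END);
console.log('versions published in window:', suspectVersions);
console.log('affected installs:', auditLockfile(SAMPLE_LOCK, 'axios', suspectVersions));
```

Two design points matter in practice. The lockfile walk must not stop at the top-level node_modules/axios entry, because a second, older or newer copy nested under another dependency is exactly the one a quick `npm ls` glance tends to miss. And the window check is half-open on the end so that a clean version published the moment the account was recovered is not flagged; adjust that boundary if the advisory states the window differently.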
The Axios supply chain attack highlights the increasing dangers of relying on open-source software, especially as state-backed hackers chase digital assets to fund their goals.