Google analysts and other cybersecurity experts have accused hackers believed to be operating from North Korea of being behind an attack on a technical tool called Axios.
Axios has millions of weekly downloads from developers. Google described the software tool as “the most popular JavaScript library used to simplify HTTP requests”, a behind-the-scenes part of computer programming targeted in the so-called “supply chain attack”.
A Google Threat Intelligence blog post said this attack could have far-reaching implications.
“Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks,” the blog post noted.
The blog post added that the attack could enable further cyberattacks, including ransomware, extortion and cryptocurrency theft.
Google also said the tools used were similar enough to those wielded in previous attacks to point the finger at a “financially motivated North Korea-nexus threat actor active since at least 2018”.

A United Nations (UN) panel estimated in 2024 that North Korea had stolen more than $3 billion in cryptocurrency since 2017, adding that the stolen money helps fund the country’s nuclear weapons program.
AFP reported that several cybersecurity companies published a separate analysis of the hack, which was reportedly carried out on Tuesday.
Elastic Security Labs also said it suspected a “DPRK-linked threat cluster”, using the initials of North Korea’s official name.
It further noted that the attacker gained control of an account that manages the Axios project and published two “backdoored” versions of the software package.
North Korea’s cyber-warfare programme, which has now grown to a 6,000-strong cyber-warfare unit known as Bureau 121, dates back to at least the mid-1990s. A US military report published in 2020 revealed that Bureau 121 operates in several countries worldwide.