{"id":1000933,"date":"2026-04-01T17:36:52","date_gmt":"2026-04-01T12:06:52","guid":{"rendered":"https:\/\/telecomlive.in\/web\/?p=1000933"},"modified":"2026-04-03T07:57:38","modified_gmt":"2026-04-03T02:27:38","slug":"north-korea-hackers-suspected-of-attack-on-widely-used-software-tool-axios-2","status":"publish","type":"post","link":"https:\/\/telecomlive.in\/web\/2026\/04\/01\/north-korea-hackers-suspected-of-attack-on-widely-used-software-tool-axios-2\/","title":{"rendered":"North Korea hackers suspected of attack on widely used software tool Axios"},"content":{"rendered":"<p>Hackers linked to North Korea are suspected of an ambitious attack on an inconspicuous but widely used software package, Google analysts and other cybersecurity experts said Wednesday.<\/p>\n<p>The cyberattack on a technical tool called Axios, which has tens of millions of weekly downloads by developers, could have far-reaching implications.<\/p>\n<p>A Google Threat Intelligence blog post said the impact of the attack &#8220;by North Korea-nexus actors&#8221; is &#8220;broad and has ripple effects&#8221; as other popular packages rely on Axios.<\/p>\n<p>&#8220;Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks.&#8221; <\/p>\n<p>That could enable further cyberattacks including ransomware, extortion and cryptocurrency theft, it said. <\/p>\n<p>Google on Wednesday described Axios as &#8220;the most popular JavaScript library used to simplify HTTP requests&#8221; &#8212; a behind-the-scenes part of computer programming targeted in the so-called &#8220;supply chain attack&#8221;.<\/p>\n<p>The tools used were similar enough to those wielded in previous attacks to point the finger at a &#8220;financially motivated North Korea-nexus threat actor active since at least 2018&#8221;, Google said.<\/p>\n<p>A UN panel estimated in 2024 that North Korea had stolen more than $3 billion in cryptocurrency since 2017. <\/p>\n<p>The stolen money helps fund the country&#8217;s nuclear weapons program, the panel said.<br \/>\nSeparate analysis of the hack, allegedly carried out on Tuesday, was also published Wednesday by several cybersecurity companies.<\/p>\n<p>In one example, Elastic Security Labs also said it suspected a &#8220;DPRK-linked threat cluster&#8221;, using the initials of North Korea&#8217;s official name.<\/p>\n<p>The attacker gained control of an account that manages the Axios project and published two &#8220;backdoored&#8221; versions of the software package, it said.<\/p>\n<p>Computer programmers use Axios to send requests to servers, allowing software to connect to the web, according to Bloomberg. <\/p>\n<p>Other companies including StepSecurity warned developers that had installed the two versions to assume their system had been compromised. <\/p>\n<p>North Korea&#8217;s cyber-warfare programme dates back to at least the mid-1990s. <\/p>\n<p>It has grown to a 6,000-strong cyber-warfare unit known as Bureau 121 that operates from several countries, according to a 2020 US military report.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers linked to North Korea are suspected of an ambitious attack on an inconspicuous but widely used software package, Google analysts and other cybersecurity experts said Wednesday. The cyberattack on a technical tool called Axios, which has tens of millions of weekly downloads by developers, could have far-reaching implications. A Google Threat Intelligence blog post said the impact of the attack &#8220;by North Korea-nexus actors&#8221; is &#8220;broad and has ripple effects&#8221; as other popular packages rely on Axios. &#8220;Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks.&#8221; That could enable further cyberattacks [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[7],"tags":[],"class_list":["post-1000933","post","type-post","status-publish","format-standard","hentry","category-it-2"],"acf":[],"_links":{"self":[{"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/posts\/1000933","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/comments?post=1000933"}],"version-history":[{"count":0,"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/posts\/1000933\/revisions"}],"wp:attachment":[{"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/media?parent=1000933"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/categories?post=1000933"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/tags?post=1000933"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}