N Korea-linked hackers target open-source software in global supply chain breach

Malicious code inserted into widely used tool raises concerns over large-scale data theft and cyber vulnerabilities

Hackers believed to be linked to North Korea have infiltrated a widely used piece of open-source software, potentially exposing sensitive data and login credentials across a vast number of systems, according to researchers.

Reuters reported that security experts said the attackers compromised Axios, a commonly used tool that helps applications and websites communicate with servers. The breach was carried out by inserting malicious code into a recent software update, effectively turning a trusted component into a vehicle for cyber intrusion.

The tampered update, which has since been removed, may have enabled attackers to extract sensitive information from affected systems, including authentication credentials. Such data could be used to launch further attacks or gain unauthorised access to networks.

Researchers described the incident as a supply chain attack, a method that targets software dependencies rather than individual users. Because Axios operates behind the scenes in many digital services, the breach could have had far-reaching consequences without requiring any direct action from users.

Cybersecurity analysts quoted by Reuters said that this type of attack is particularly dangerous, as it exploits trust in widely used software. Once compromised, it can provide attackers with access to numerous downstream systems that rely on the affected tool.

Google attributed the activity to a group it tracks as UNC1069, which it says has been active since at least 2018. The group is known for targeting financial and cryptocurrency-related platforms, often as part of broader efforts linked to state-backed objectives.

According to analysts, such cyber operations are frequently aimed at generating funds through illicit means, including cryptocurrency theft, which can then be used to bypass international sanctions.

Further analysis by Elastic Security indicated that the malicious code was designed to operate across multiple operating systems, including macOS, Windows and Linux, increasing its potential reach.

While it remains unclear how widely the compromised update was distributed, experts warned that the attack may have exposed a significant number of systems globally. Investigations are ongoing to determine the full extent of the breach and its impact.

The incident underscores growing concerns about the security of open-source software and highlights the increasing sophistication of cyber threats targeting global digital infrastructure.

With PTI, IANS inputs
