Threat actors from North Korea hacked software used by organizations in the US to steal cryptocurrency to fund North Korea's nuclear and missile programs. Experts found 135 devices across 12 organizations hacked; however, the list of victims can increase. The investigation may take months to uncover full details of the campaign.
Axios attacked
Hackers targeted Axios, a famous open-source JavaScript library that developers use to oversee HTTP requests. The North Korean gang accessed organizations' systems via malware that opens backdoor access to OS. Hackers targeted two versions of Axios that were downloaded over 183 million times each week; organizations that downloaded it during the particular time period were exposed to the attack.
About the incident
Hackers with ties to Pyongyang gained access to the account of a software engineer who oversees the open-source program Axios on Tuesday for at least three hours. According to the report, the attackers used that access to send infected updates to any company that had downloaded the software at the time. This caused the software developer to rush to take back control of his account while cybersecurity executives nationwide attempted to determine the extent of the damage.
The impact
While the full damage may take months to fix, experts believe that hundreds of thousands of business secrets have already leaked, which can make it one of the worst data breaches.
About UNC1069
The North Korean group, suspicious of hacking Axios is called UNC1069. Since 2018, the gang has attacked the finance industry. Mandiant believes that the hackers will "try to leverage the credentials and system access they recently obtained in this software supply chain attack to target and steal cryptocurrency from enterprises,"
Why are attacks on the rise from North Korea
Hacking has become a staple of North Korea. The revenue generated from these cyberattacks funds the country’s nuclear and missile programs to the point that these plans are half funded through hacking. In recent years, state-sponsored hackers have stolen billions of dollars from banks and cryptocurrency firms. This includes the infamous (and record-breaking) $1.5 billion crypto theft in 2025 in a single attack.
Most deadly cyberattack in history
The recent attack was the most advanced supply chain effort to date, cleaning its tracks after installing the payload on the target device. It made detection difficult for developers who unknowingly downloaded the malicious software. Experts say that UNC1069 is not even trying to hide anymore, they just disappears before detection.
