🚀 Read this awesome post from TechCrunch 📖
📂 **Category**: Security,hackers,hacking,malware,cybersecurity,cybercrime,infosec,axios,supply chain attack
📌 **What You’ll Learn**:
A suspected North Korean hacker has hijacked and modified a popular open source software development tool to deliver malware that could put millions of developers at risk of exposure.
On Monday, a hacker deployed malicious versions of a widely used JavaScript library called Axios, which developers rely on to allow their programs to connect to the Internet. The affected library is hosted on npm, a software repository that stores code for open source projects. Axios is downloaded tens of millions of times each week.
The hijack was detected and stopped within about three hours, overnight between Monday and Tuesday, according to security firm StepSecurity, which analyzed the attack.
Hackers are increasingly targeting developers of popular open source projects in an attempt to compromise, en masse, anyone who relies on the affected code, potentially giving the hackers access to large numbers of devices. These large-scale breaches are called supply chain attacks because they target a piece of software that then allows the hackers to compromise anyone who has downloaded it. In recent years, hackers have targeted companies like 3CX, Kaseya, and SolarWinds, as well as open source tools like Log4j and Polyfill.io, to reach large numbers of their users.
It is not clear at this point how many people downloaded the malicious version of Axios during that time period. Security firm Aikido, which also investigated the incident, said anyone downloading the code “should assume their system is compromised.”
Google told TechCrunch that its security researchers are linking the Axios hack to North Korean hackers.
“We have attributed the attack to a suspected North Korean threat actor that we track as UNC1069,” said John Hultquist, a senior analyst at Google’s Threat Intelligence Group. “North Korean hackers have deep experience with supply chain attacks, which they have historically used to steal cryptocurrencies. The full scope of this incident remains unclear, but given the popularity of the compromised package, we expect it to have far-reaching implications.”
Contact us
Do you have more information about this hack? Or other attacks on the supply chain? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, via Telegram, Keybase and Wire @lorenzofb, or via email.
The hacker was able to insert malicious code into Axios by hacking into the account of one of the project’s core developers, who was authorized to publish updates. The hacker replaced the legitimate developer’s email address on the account with their own, making it more difficult for the developer to regain access.
Once the account was taken over, the hacker inserted malicious code designed to deliver a remote access Trojan, or RAT — essentially malware that can give hackers complete remote control of a victim’s computer. The hacker then released new versions of Axios in a legitimate-looking update for Windows, macOS, and Linux users.
The hackers also designed the malware, as well as some of the code used to deliver it, to automatically delete itself after installation in an attempt to hide from anti-malware engines and investigators, according to security researchers.
Updated to include information from Google about attribution to North Korea.
🕒 **Posted on**: 1775034075
