Maps
Magazine

WORLD NEWS

North Korean Hackers Breach Popular Software to Steal Login Credentials
North Korean-linked hackers compromised the open-source software Axios, aiming to steal login credentials and cryptocurrency. Google calls it a supply chain attack affecting macOS, Windows, and Linux.
ND
by News Desk
2026-04-01
North Korean Hackers Breach Popular Software to Steal Login Credentials

Tech security firm Google reported that hackers linked to North Korea breached Axios, a widely used software that connects apps and web services, in an attempt to steal login information. The breach was discovered after hackers injected malicious code into a software update issued Monday.

“Every time you load a website, check your bank balance, or open an app, Axios could be running in the background making that work,” explained Tom Hegel, a senior researcher at SentinelOne. The malicious code, now removed, could have exposed users’ credentials, enabling further attacks or data theft.

Unlike commercial software, Axios is open-source, meaning its code is freely accessible and modifiable. Cybersecurity researchers classified the breach as a supply chain attack, where trusted software itself becomes the vehicle for malware. “You don’t have to click anything or make a mistake. The software you already trust did it for you,” Hegel said.

Google attributed the attack to UNC1069, a hacking group operating since at least 2018, known for targeting cryptocurrency and financial industries. According to John Hultquist, Google’s chief threat analyst, North Korean hackers often use stolen cryptocurrency to fund weapons programs and evade sanctions.

Analysis by cybersecurity firm Elastic Security showed that the malware could infect macOS, Windows, and Linux, giving hackers potential access to millions of systems. The extent of infections remains unclear. Attempts to contact the hackers or Axios developers for comment were unsuccessful.

This incident highlights the growing risks of supply chain attacks, where even trusted software updates can become a gateway for malicious actors.
Tagged:

NorthKorea

CyberSecurity

SupplyChainAttack

Axios
Share News: