North Korea-linked hack hits largely invisible software that powers online services


A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

March 31 (Reuters) - Hackers linked to North Korea breached behind-the-scenes software that runs many common online functions in an effort to steal login information that could enable further cyber operations, Google said on Tuesday.

The hackers targeted Axios, a program that connects apps and web services, by adding their own malicious software to an update issued Monday, Google and independent cyber researchers said after the hack came to light early on Tuesday.

“Every time you load a website, check your bank balance, or open an app on your phone, there’s a good chance Axios is running somewhere in the background making that work,” said Tom Hegel, a senior researcher at SentinelOne.

The malicious software, which has since been removed, could have given hackers access to a computer's data including access credentials, which can then be used to carry out additional data theft or other kinds of attacks.

The developers of Axios could not immediately be reached for comment. Rather than a proprietary commercial product, the software is open source, meaning the code can be openly licensed and modified by users.

The cyber researchers described the breach as a supply chain attack, in which the hack could enable attacks on downstream entities.

“You don’t have to click anything or make a mistake,” Hegel said. “The software you already trust did it for you.”

Google attributed the hack to a group it tracks as UNC1069. Google said in a February report the group has operated since at least 2018 and is known for targeting the cryptocurrency and financial industries.

“North Korean hackers have deep experience with supply chain attacks, which they primarily use to steal cryptocurrency,” John Hultquist, chief analyst for Google's threat intelligence group, said in a statement.

North Korea uses stolen crypto to fund its weapons and other programs, and evade sanctions, according to the U.S. government.

North Korea’s mission to the U.N. did not immediately respond to a request for comment.

The hackers created versions of the malware that could infect macOS, Windows and Linux operating-system versions, according to an analysis published by cybersecurity firm Elastic Security.

The hackers' methods meant "the attacker gained a delivery mechanism with potential reach into millions of environments," Elastic said. It was not clear how many times the malicious software was downloaded.

Efforts to contact the hackers were unsuccessful.

(Reporting by AJ Vicens in Detroit; Editing by Cynthia Osterman)
