
In a major supply chain attack that could take months to recover from, suspected North Korean hackers compromised a software package used by thousands of U.S. companies, CNN reported Tuesday.
Security experts responding to the hack told CNN they expect a long-term campaign to steal cryptocurrency to fund the North Korean regime, which often spends such stolen sums on its missile and nuclear programs.
Axios software has been hacked
Hackers linked to Pyongyang had access for at least three hours on Tuesday to the account of a software developer who manages open-source software known as Axios. The report suggests the hackers used that access to send malicious updates to any company that downloaded the software during that time, prompting a rush by the software developer to regain control of the account while cybersecurity executives across the country worked to assess the extent of the damage.
Businesses in nearly every sector of the U.S. economy, from healthcare to finance, use Axios software to simplify the creation and management of their websites. The software is also used by some crypto firms, as well as technology companies operating in the crypto industry.
North Korean hackers are responsible, says Mandiant
According to Google-owned cyber intelligence company Mandiant, a suspected North Korean hacking group was behind the incident. Charles Carmakal, chief technology officer (CTO) of Mandiant, said: “We anticipate that they will attempt to use the credentials and system access they recently gained in this software supply chain attack to target and steal cryptocurrency from businesses,” adding that “it will likely take months to assess the impact of this campaign.”
The researcher identifies 135 compromised devices
According to John Hammond, a security researcher at Huntress, his organization has identified nearly 135 compromised devices belonging to at least 12 companies. However, he added that this is only a small sample of affected organizations, with the number expected to grow as more discover that they have been compromised.
North Korean hacking units are a source of income
According to the report, Tuesday’s attack is only the latest large-scale supply chain attack attributed to Pyongyang. Nearly three years ago, North Korean agents reportedly infiltrated another widely used software provider relied on by healthcare firms and hotel chains for voice and video calls.
Pyongyang’s hacking corps is said to be a vital source of revenue for the nuclear-armed and sanctions-ridden country. Hackers from North Korea have stolen billions of dollars from banks and cryptocurrency firms in the past few years, according to reports from the United Nations and private firms.
In 2025 alone, hackers stole $1.5 billion in cryptocurrency in a single attack, which was the largest crypto hack in history at the time. About half of the country’s missile program is funded by such digital heists, a White House official noted in 2013.
According to Ben Read, director of strategic threat intelligence at Wiz, North Korea doesn’t care about its reputation or the likelihood of being identified. He added that while these operations tend to be loud and highly visible, it’s a trade-off they’re willing to accept.
Hammond said the hack was “perfectly timed” and pointed to the growing use of artificial intelligence (AI) agents creating software in organizations without sufficient oversight or safeguards. He added that the biggest vulnerability in the software supply chain today lies in the fact that too many people no longer control the components in use, leaving the door practically open.





