In a significant cyber incident, hackers believed to be from North Korea have successfully infiltrated software utilized by numerous companies throughout the United States. This breach aims to facilitate the theft of cryptocurrency to support the nation's nuclear and missile development programs. Currently, 135 devices across 12 distinct companies have been confirmed as compromised, although the total number of victims may be much higher. Experts anticipate that it will take several months to fully investigate the breach and recover from its impact.
The primary target of this hacking operation was Axios, a widely used open-source JavaScript library that developers rely on for managing HTTP requests. By employing sophisticated malware that provides backdoor access to operating systems, the North Korean hacking group was able to penetrate corporate systems. Notably, the two versions of Axios that were exploited are collectively downloaded over 183 million times each week, suggesting that many companies that installed these versions could have been left open to attack.
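A supply-chain compromise of a dependency is only discoverable from the consuming side if you can say exactly which versions are installed, including nested copies pulled in by other packages. The following inventory check is an added example written for this article; it is not code from the Axios project or from the article. It walks an npm `package-lock.json` (both the v1 nested format and the v2/v3 flat `packages` map) and reports every copy of `axios` whose version is on an affected list. The article does not name the compromised versions, so `AFFECTED_VERSIONS` and the embedded sample lockfiles use constructed placeholder values that you would replace with the versions from the vendor advisory.

```python
"""Inventory every installed copy of a dependency in package-lock.json
and flag versions on an affected list.

Added example, not from the article or the Axios project.
AFFECTED_VERSIONS and the sample lockfiles below are constructed
placeholders; substitute the versions named in the advisory.
"""
import json
import sys
from typing import Any

PACKAGE = "axios"
# PLACEHOLDER values: the article does not name the compromised versions.
AFFECTED_VERSIONS = {"0.0.0-placeholder-a", "0.0.0-placeholder-b"}


def _walk_v1(deps: dict[str, Any], prefix: str, out: list[tuple[str, str]]) -> None:
    """Recurse through a lockfileVersion 1 'dependencies' tree, recording
    the install path and version of every copy of PACKAGE."""
    for name, meta in deps.items():
        path = f"{prefix}node_modules/{name}"
        if name == PACKAGE:
            out.append((path, meta.get("version", "")))
        _walk_v1(meta.get("dependencies", {}), path + "/", out)


def find_package(lock: dict[str, Any]) -> list[tuple[str, str]]:
    """Return (install path, version) for every copy of PACKAGE, including
    copies nested under another dependency's node_modules."""
    found: list[tuple[str, str]] = []
    # lockfileVersion 2/3: flat map keyed by install path, e.g.
    # "node_modules/axios" or "node_modules/lib/node_modules/axios".
    for path, meta in lock.get("packages", {}).items():
        if path.split("node_modules/")[-1] == PACKAGE:
            found.append((path, meta.get("version", "")))
    if not found and "dependencies" in lock:  # lockfileVersion 1 layout
        _walk_v1(lock["dependencies"], "", found)
    return found


def affected(lock: dict[str, Any]) -> list[tuple[str, str]]:
    """Copies of PACKAGE whose exact version is on the affected list.
    Exact-match only: if the advisory gives a range, expand it first."""
    return [(p, v) for p, v in find_package(lock) if v in AFFECTED_VERSIONS]


def scan_file(path: str) -> list[tuple[str, str]]:
    """Load a package-lock.json from disk and return affected copies."""
    with open(path, encoding="utf-8") as fh:
        return affected(json.load(fh))


# Constructed sample lockfiles (not real projects) used when no path is given.
SAMPLE_LOCK_V3: dict[str, Any] = {
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "dependencies": {"axios": "*"}},
        "node_modules/axios": {"version": "0.0.0-placeholder-a"},
        "node_modules/some-lib": {"version": "2.0.0"},
        "node_modules/some-lib/node_modules/axios": {"version": "9.9.9"},
    },
}

SAMPLE_LOCK_V1: dict[str, Any] = {
    "lockfileVersion": 1,
    "dependencies": {
        "axios": {"version": "0.0.0-placeholder-b"},
        "some-lib": {
            "version": "2.0.0",
            "dependencies": {"axios": {"version": "9.9.9"}},
        },
    },
}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        hits = scan_file(sys.argv[1])
    else:
        hits = affected(SAMPLE_LOCK_V3) + affected(SAMPLE_LOCK_V1)
    for path, version in hits:
        print(f"AFFECTED {PACKAGE}@{version} at {path}")
    sys.exit(1 if hits else 0)
```

Run it against a real lockfile with `python scan_lock.py path/to/package-lock.json`; a non-zero exit makes it usable as a CI gate. Note that a lockfile only proves what was resolved at install time, so the same check should be repeated on build artifacts and container images where `node_modules` was actually materialized.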
While the complete ramifications of this incident are yet to be fully understood, preliminary assessments indicate that potentially hundreds of thousands of sensitive company secrets may have been compromised, placing this incident among the most severe data breaches in recent history.
Why is North Korea Targeting U.S. Companies?
The hacking group behind this incident, identified as UNC1069, has been active since 2018 and has primarily focused its efforts on the financial sector. Charles Carmakal, Chief Technology Officer at Mandiant, commented on the situation, stating, "We anticipate they will try to leverage the credentials and system access they recently obtained in this software supply chain attack to target and steal cryptocurrency from enterprises." This underscores the seriousness of the breach and the potential for further exploitation.
Cybercrime has increasingly become a cornerstone of North Korea's revenue generation, with a significant portion of its funding for nuclear and missile initiatives sourced from these illicit activities. Reports suggest that the country's missile program is currently funded, in part, through the proceeds of hacking. In the past few years, North Korean hackers have managed to siphon off billions of dollars from various cryptocurrency firms and banking institutions, including a staggering $1.5 billion stolen in a single attack last year.
The latest hacking incident represents an exceptionally advanced supply chain attack, notable for the malware's ability to cover its tracks after delivering its malicious payload to the targeted systems. This stealthy approach complicates detection efforts for developers who may have inadvertently downloaded the compromised software. At this stage, it appears that UNC1069 is not attempting to conceal its actions; rather, the group aims to conduct its operations efficiently before any identification or counteraction can occur.
Conclusion
The implications of this breach are profound, with the potential to affect countless businesses across the United States. As investigations continue and the true scale of the damage becomes clearer, the focus will also be on improving cybersecurity measures to safeguard against such sophisticated attacks in the future. The situation remains fluid, and stakeholders are urged to remain vigilant as recovery efforts begin.
Source: SlashGear News