By AJ Vicens
March 31 (Reuters) – Hackers linked to North Korea breached behind-the-scenes software that runs many common online functions in an effort to steal login information that could enable further cyber operations, Google said on Tuesday.
The hackers targeted Axios, a program that connects apps and web services, by adding their own malicious software to an update issued Monday, Google and independent cyber researchers said after the hack came to light early on Tuesday.
"Every time you load a website, check your bank balance, or open an app on your phone, there’s a good chance Axios is running somewhere in the background making that work," said Tom Hegel, a senior researcher at SentinelOne.
The malicious software, which has since been removed, could have given hackers access to a computer’s data including access credentials, which can then be used to carry out additional data theft or other kinds of attacks.
The developers of Axios could not immediately be reached for comment. Rather than a proprietary commercial product, the software is open source, meaning the code can be openly licensed and modified by users.
The cyber researchers described the breach as a supply chain attack, in which the hack could enable attacks on downstream entities.
"You don’t have to click anything or make a mistake," Hegel said. "The software you already trust did it for you."
Google attributed the hack to a group it tracks as UNC1069. Google said in a February report the group has operated since at least 2018 and is known for targeting the cryptocurrency and financial industries.
"North Korean hackers have deep experience with supply chain attacks, which they primarily use to steal cryptocurrency," John Hultquist, chief analyst for Google’s threat intelligence group, said in a statement.
North Korea uses stolen crypto to fund its weapons and other programs, and evade sanctions, according to the U.S. government.
North Korea’s mission to the U.N. did not immediately respond to a request for comment.
The hackers created versions of the malware that could infect macOS, Windows and Linux operating-system versions, according to an analysis published by cybersecurity firm Elastic Security.
The hackers’ methods meant "the attacker gained a delivery mechanism with potential reach into millions of environments," Elastic said. It was not clear how many times the malicious software was downloaded.
Efforts to contact the hackers were unsuccessful.
(Reporting by AJ Vicens in Detroit; Editing by Cynthia Osterman)