North Korea-linked hackers breached Axios, a widely used open-source software library that powers background functions across websites, banking apps, and mobile platforms. Google identified the group as UNC1069, which has operated since at least 2018 and specializes in supply chain attacks targeting the financial and crypto sectors.
The attackers injected malicious code into a legitimate Axios update, allowing them to silently harvest login credentials and system data without user interaction. The malware was designed to infect macOS, Windows, and Linux systems.
"The software you already trust did it for you," said Tom Hegel of SentinelOne. The breach potentially opened access to millions of environments.
Google and cybersecurity firm Elastic Security confirmed the attack was part of a broader North Korean strategy to steal cryptocurrency to fund weapons programs and evade international sanctions.
Developers of Axios could not be reached. The tool, used by countless digital services, remains under review as patches are deployed.