North Korea-linked hackers breach popular software to steal credentials

Technology

Reuters

Published 01 Apr, 2026 11:59am 2 min read

Reuters

Kremlin, asked about its Donbas demands, says Ukraine should have pulled out ‘yesterday’

List of qualified teams for FIFA World Cup 2026

Italy miss out on World Cup for third straight time after loss to Bosnia

Miniatures of people with computers are seen in front of North Korea flag in this illustration. – Reuters

Hackers linked to North Korea breached behind-the-scenes software that runs many common online functions in an effort to steal login information that could enable further cyber operations, Google said on Tuesday.

The hackers targeted Axios, a program that connects apps and ‌web services, by adding their own malicious software to an update issued Monday, Google and independent cyber researchers said after the hack came to light early on Tuesday.

“Every time you load a website, check your bank balance, or open an app on your phone, there’s a good chance Axios is running somewhere in the background making that work,” said Tom Hegel, a ⁠senior researcher at SentinelOne.

The malicious software, which has since been removed, could have given hackers access to a computer’s data, including access credentials, which can then be used to carry out additional data theft or other kinds of attacks.

The developers of Axios could not immediately be reached for comment. Rather than a proprietary commercial product, the software is open source, meaning the code can be openly licensed and modified by users.

The cyber researchers described the breach as a supply chain attack, in which the hack could enable attacks on downstream entities.

“You don’t have to click anything or make a mistake,” Hegel ‌said. “The ⁠software you already trust did it for you.”

Google attributed the hack to a group it tracks as UNC1069.

Google said in a February report that the group has operated since at least 2018 and is known for targeting the cryptocurrency and financial industries.

“North Korean hackers have deep experience with supply chain attacks, which they primarily use to ⁠steal cryptocurrency,” John Hultquist, chief analyst for Google’s threat intelligence group, said in a statement.

North Korea uses stolen crypto to fund its weapons and other programs and evade sanctions, according to the U.S. government.

North Korea’s mission to ⁠the UN did not immediately respond to a request for comment.

The hackers created versions of the malware that could infect macOS, Windows and Linux operating systems, according to an analysis published by cybersecurity ⁠firm Elastic Security.

The hackers’ methods meant “the attacker gained a delivery mechanism with potential reach into millions of environments,” Elastic said.

It was not clear how many times the malicious software was downloaded.

Efforts to contact the hackers were unsuccessful.

For the latest news, follow us on Twitter @Aaj_Urdu. We are also on Facebook, Instagram and YouTube.