North Korea-linked hackers breach Axios software to target US firms; crypto theft feared: Report

In a major supply-chain attack that could take months to recover from, suspected North Korean hackers compromised a software package used by thousands of US companies, CNN reported on Tuesday.

Security experts who are responding to the hack told CNN that they anticipate a long-term campaign to steal cryptocurrency to fund the North Korean regime, which frequently spends such stolen amounts on its missile and nuclear programmes.

Axios software hacked

Pyongyang-linked hackers, on Tuesday, for at least three hours, had access to the account of a software developer that manages the open-source software known as Axios. The report suggests that the hackers used that access to send malicious updates to any company that downloaded the software during the time, triggering a rush by the software developer to regain control of his account, while cybersecurity executives across the country worked to assess the extent of the damage.

Firms in nearly every sector of the US economy, from health care to finance, use Axios software to simplify building and managing their websites. Additionally, some crypto firms also use the software, as well as technology companies operating in the crypto industry.

North Korean hackers responsible, says Mandiant

According to Google-owned cyber-intelligence firm Mandiant, a suspected North Korean hacking group was behind this incident. Charles Carmakal, Mandiant’s chief technology officer (CTO), said, "We anticipate they will try to leverage the credentials and system access they recently obtained in this software supply chain attack to target and steal cryptocurrency from enterprises," adding that “it will likely take months to assess the downstream impact of this campaign.”

Researcher identifies 135 compromised devices

According to John Hammond, a security researcher at Huntress, his organisation identified nearly 135 compromised devices belonging to at least 12 companies. However, he added that this is just a small sample of the affected organizations, with the number expected to rise as more discover they have been hacked.

North Korea's hacking corps a source of revenue

According to the report, the Tuesday attack is only the recent sweeping supply-chain attack attributed to Pyongyang. Nearly three years ago, North Korean operatives allegedly infiltrated another widely used software provider that healthcare firms and hotel chains relied on for voice and video calls.

Pyongyang's hacking corps is reportedly a crucial source of revenue for the nuclear-armed and sanctions-battered country. According to reports from the United Nations and private firms, hackers from North Korea have stolen billions of dollars from banks and cryptocurrency firms in the past few years.

In 2025 alone, the hackers stole $1.5 billion in cryptocurrency in a single attack, which was then the largest crypto hack on record. Roughly half of the country's missile program is funded by such digital heists, a White House official noted in 2013.

According to Ben Read, director of strategic threat intelligence at Wiz, North Korea isn’t concerned about its reputation or the likelihood of being identified. He added that although these operations tend to be loud and highly visible, that’s a trade-off they are willing to accept.

Hammond said the hack was “perfectly timed,” pointing to the growing use of artificial intelligence (AI) agents that build software within organizations without adequate oversight or safeguards. He added that the software supply chain’s greatest vulnerability today lies in the fact that too many people no longer scrutinize the components being used, effectively leaving the door wide open.