Overview
- Hackers who accessed an Axios developer account for about three hours on Tuesday morning pushed a booby-trapped update to anyone installing the open-source tool that lets apps and websites talk to servers.
- Google’s threat intelligence unit attributed the operation to UNC1069, a North Korea-linked group active since at least 2018 that focuses on cryptocurrency and financial targets.
- Elastic Security reported malware built for Windows, macOS and Linux, a sign of planning for reach into many environments that depend on Axios across industries.
- The tainted release was discovered and removed within roughly a day, but how many downloads occurred during the window remains unclear.
- Huntress has identified about 135 compromised devices across roughly 12 companies, and Mandiant expects the thieves to use any captured credentials to break into enterprises and steal crypto.