The Google Threat Intelligence Group has attributed the npm supply chain attack against the widely used HTTP client axios to North Korean threat operation UNC1069, reports The Record, a news site by cybersecurity firm Recorded Future.

Supply chain compromise has been a primary tool in North Korea's cryptocurrency heists, according to Google Threat Intelligence Group chief analyst John Hultquist, who noted the potential "far-reaching impacts" of the axios breach, which was initially reported to have enabled RAT distribution. Google's findings have been supported by other cybersecurity analysts, who noted similarities between the axios backdoors and the WAVESHAPER malware leveraged in an earlier North Korean campaign that involved Zoom spoofing.

While the incident is not connected to TeamPCP's recent spate of supply chain intrusions, Mandiant Chief Technology Officer Charles Carmakal warned of further software supply chain and software-as-a-service compromise stemming from secrets stolen during the past two weeks. Kaseya's Mike Puglia also regarded the axios compromise as emphasizing global software ecosystem vulnerabilities.




