A suspected North Korean hacker has hijacked and modified a popular open source software development tool to deliver malware that could put millions of developers at risk of being compromised.
On Monday, a hacker pushed malicious versions of the widely used JavaScript library called Axios, which developers rely on to allow their software to connect to the internet. The affected library was hosted on npm, a software repository that stores code for open-source projects. Axios is downloaded tens of millions of times every week.
The hijack was spotted and stopped in around three hours overnight on Monday into Tuesday, according to security firm StepSecurity, which analyzed the attack.
Hackers are increasingly targeting developers of popular open-source projects in an effort to mass-hack anyone who relies on the compromised code, potentially granting the hackers access to vast numbers of affected devices. These kinds of widespread breaches are called supply chain attacks because they target software that, once compromised, allows hackers to hack whoever downloaded it. In recent years, hackers have targeted companies like 3CX, Kaseya, and SolarWinds, as well as open source tools such as Log4j and Polyfill.io, to reach large numbers of their users.
It’s unclear at this point how many people downloaded the malicious version of Axios during that timespan. Security company Aikido, which also investigated the incident, said anyone who downloaded the code “should assume their system is compromised.”
Google told TechCrunch that its security researchers are linking the Axios compromise to North Korean hackers.
“We have attributed the attack to a suspected North Korean threat actor we track as UNC1069,” said John Hultquist, the chief analyst for Google’s Threat Intelligence Group. “North Korean hackers have deep experience with supply chain attacks, which they’ve historically used to steal cryptocurrency. The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will have far reaching impacts.”