By Sean Lyngaas, CNN
(CNN) — Suspected North Korean hackers have bugged a software package that has been used by thousands of US companies in a major supply-chain attack that could take months to recover from, security experts said Tuesday.
Experts who are responding to the hack told CNN they expect a long-term campaign to steal cryptocurrency to fund the North Korean regime, which often spends such stolen money on its nuclear and missile programs.
For three hours on Tuesday morning, the Pyongyang-linked hackers had access to the account of a software developer who manages the open-source software known as Axios. The hackers used that access to send malicious updates to any organization that downloaded the software during that time, setting off a scramble by the software developer to regain control of his account and by cybersecurity executives across the country to assess the damage.
Companies in just about every sector of the economy, from health care to finance, use Axios to simplify building and managing their websites. Some cryptocurrency firms use the software, as do tech firms active in the crypto industry.
Mandiant, a cyber-intelligence firmed owned by Google, said that a suspected North Korean hacking group was responsible.
“We anticipate they will try to leverage the credentials and system access they recently obtained in this software supply chain attack to target and steal cryptocurrency from enterprises,” Charles Carmakal, Mandiant’s chief technology officer, told CNN. “It will likely take months to assess the downstream impact of this campaign.
John Hammond, a security researcher at Huntress, said his firm has identified about 135 compromised devices belonging to roughly 12 companies. But that is just a small snapshot of the pool of victims that is expected to surge as organizations discover they were hacked.
It’s only the latest sweeping supply-chain attack attributed to Pyongyang. Three years ago, North Korean operatives allegedly infiltrated another popular software provider that healthcare firms and hotel chains used for voice and video calls.
North Korea’s formidable hacking corps is an essential source of revenue for the nuclear-armed, sanctions-battered country. North Korean hackers have stolen billions of dollars from banks and cryptocurrency firms in the last several years, according to reports from the United Nations and private firms.
About half of North Korea’s missile program has been funded by such digital heists, a White House official said in 2023.
Last year, North Korean hackers stole $1.5 billion in cryptocurrency in a single attack in what was then the largest crypto hack on record.
“North Korea isn’t worried about its reputation or being eventually identified, so while these types of operations are very noisy and high profile, that’s a price they’re willing to pay,” said Ben Read, director of strategic threat intelligence at security firm Wiz, which is also owned by Google.
Hammond described the hack as “perfectly timed,” given the adoption of AI agents that develop software at organizations “without any review or guardrails.”
“The whole software supply chain’s biggest weakness has an open door in today’s era where too many people don’t read what gets put in the ingredients anymore,” Hammond told CNN.
The-CNN-Wire™ & © 2026 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.
North Korean hackers bug software used by thousands of US companies in potential crypto heist attempt News Channel 3-12.
Hence then, the article about north korean hackers bug software used by thousands of us companies in potential crypto heist attempt was published today ( ) and is available on News channel ( Middle East ) The editorial team at PressBee has edited and verified it, and it may have been modified, fully republished, or quoted. You can read and follow the updates of this news or article from its original source.
Read More Details
Finally We wish PressBee provided you with enough information of ( North Korean hackers bug software used by thousands of US companies in potential crypto heist attempt )
Also on site :
- Hezbollah Denies Bahraini Interior Ministry& 039;s Baseless Allegations
- This 30-Year-Old Start to a Book Series Is Named the Best Epic Fantasy on Goodreads
- New Study Claims That Traveling Regularly Can Actually Help You Live Longer