North Korean Hackers Target Axios Software in Cryptocurrency Theft Attempt

Severity: High (Score: 72.6)

Sources: Nknews, Benzinga

Summary

On April 1, 2026, North Korean hackers compromised Axios, a software tool used by thousands of companies, in an attempt to steal cryptocurrency. The hackers gained control of the software developer's account for three hours, deploying malicious updates to organizations that utilize the tool. Axios is particularly relevant to cryptocurrency firms and tech companies, raising concerns about the potential for further supply chain attacks and ransomware incidents. Google Threat Intelligence Group attributed the breach to a financially motivated North Korea-linked threat actor, indicating a continuation of the regime's long-term campaign to fund its nuclear programs through cryptocurrency theft. In 2025, North Korean hackers stole over $2 billion in cryptocurrency, marking a significant increase from previous years. Security experts warn that this incident could lead to more extensive cyber threats in the near future.

Key Points

  • North Korean hackers compromised Axios software used by many companies for three hours.
  • The attack aimed to facilitate cryptocurrency theft to fund North Korea's nuclear programs.
  • This incident is part of a broader trend of increasing cryptocurrency theft by North Korean cybercriminals.

Key Entities

  • Data Breach (attack_type)
  • Supply Chain Attack (attack_type)
  • Axios (platform)
  • North Korea (country)
  • shutterstock.com (domain)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1195 - Supply Chain Compromise (mitre_attack)