Axios and Google: North Korean Hackers Linked To Major Security Breach In Suspected Crypto Theft Attempt

North Korean Hackers Target U.S. Firms in Supply-Chain Attack to Fund Nuclear Program

A suspected North Korean hacking group compromised a software developer’s account tied to Axios, a widely used tool for connecting applications and web services, in a supply-chain attack aimed at stealing cryptocurrency. The breach occurred on Tuesday morning, when attackers gained control of the developer’s account for three hours, pushing malicious updates to organizations that downloaded the software, including cryptocurrency firms, blockchain developers, and tech companies in the crypto sector.

Security experts warn the incident is part of a long-term campaign by Pyongyang to siphon digital assets, which are reportedly funneled into funding North Korea’s nuclear and missile programs. Google’s Threat Intelligence Group detected similar activity, attributing the attack to a financially motivated North Korea-linked threat actor. The group’s analysis suggests the breach could lead to further supply-chain attacks, ransomware operations, or additional cryptocurrency theft in the near term.

This attack aligns with a broader trend of escalating cybercrime by North Korean operatives. In 2025, hackers from the country stole $2.02 billion in cryptocurrency, a 51% increase from the previous year, marking the most lucrative period yet for such thefts, according to blockchain analytics firm Chainalysis. The incident underscores the regime’s reliance on cyber heists as a critical revenue stream amid international sanctions.

Source: https://www.benzinga.com/crypto/cryptocurrency/26/04/51591970/north-korean-hackers-linked-to-major-security-breach-in-suspected-crypto-theft-attempt

Axios cybersecurity rating report: https://www.rankiteo.com/company/axios-media

Google Research cybersecurity rating report: https://www.rankiteo.com/company/googleresearch

"id": "AXIGOO1775048584",
"linkid": "axios-media, googleresearch",
"type": "Cyber Attack",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Cryptocurrency firms, '
                                              'blockchain developers, tech '
                                              'companies in the crypto sector',
                        'industry': 'Technology',
                        'location': 'U.S.',
                        'name': 'Axios (software developer)',
                        'type': 'Software Developer'}],
 'attack_vector': 'Compromised developer account',
 'data_breach': {'sensitivity_of_data': 'High (financial assets)',
                 'type_of_data_compromised': 'Cryptocurrency-related data'},
 'date_detected': '2025-01-07T00:00:00Z',
 'description': 'A suspected North Korean hacking group compromised a software '
                'developer’s account tied to Axios, a widely used tool for '
                'connecting applications and web services, in a supply-chain '
                'attack aimed at stealing cryptocurrency. The breach occurred '
                'when attackers gained control of the developer’s account for '
                'three hours, pushing malicious updates to organizations that '
                'downloaded the software, including cryptocurrency firms, '
                'blockchain developers, and tech companies in the crypto '
                'sector.',
 'impact': {'data_compromised': 'Potential cryptocurrency theft',
            'systems_affected': 'Organizations using Axios software '
                                '(cryptocurrency firms, blockchain developers, '
                                'tech companies)'},
 'initial_access_broker': {'entry_point': 'Compromised developer account',
                           'high_value_targets': 'Cryptocurrency firms, '
                                                 'blockchain developers'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain (cryptocurrency theft to fund nuclear/missile '
               'programs)',
 'post_incident_analysis': {'root_causes': 'Compromised developer account, '
                                           'supply-chain vulnerability'},
 'references': [{'source': 'Google’s Threat Intelligence Group'},
                {'source': 'Chainalysis'}],
 'response': {'third_party_assistance': 'Google’s Threat Intelligence Group'},
 'threat_actor': 'North Korea-linked threat actor',
 'title': 'North Korean Hackers Target U.S. Firms in Supply-Chain Attack to '
          'Fund Nuclear Program',
 'type': 'Supply-Chain Attack'}