Thursday, 02 April 2026

North Korean hackers breach software supply chain in 'potential crypto heist attempt'

The breach occurred when attackers gained access to a programme called Axios that connects apps and web services

Our Web Desk, Reuters Published 01.04.26, 12:15 PM

Hackers linked to North Korea breached behind-the-scenes software that runs many common online functions in an effort to steal login information that could enable further cyber operations, Google said on Tuesday.

The breach occurred when attackers briefly gained access to a programme known as Axios, which connects apps and web services.


By adding malicious software to an update issued on Monday, the hackers targeted the organisations that downloaded the software, potentially exposing systems across sectors ranging from healthcare to finance and technology.

“Every time you load a website, check your bank balance, or open an app on your phone, there’s a good chance Axios is running somewhere in the background making that work,” Tom Hegel, a senior researcher at SentinelOne, an AI-powered cybersecurity platform, told Reuters.

Cybersecurity experts said the sweeping supply-chain attack could impact thousands of US companies, CNN reported.

The malicious software, which has since been removed, could have given hackers access to a computer's data including access credentials, which can then be used to carry out additional data theft or other kinds of attacks.

The cyber researchers described the breach as a supply chain attack, in which the hack could enable attacks on downstream entities.

“You don’t have to click anything or make a mistake,” Hegel said. “The software you already trust did it for you.”

Experts say the nature of supply chain attacks makes them particularly dangerous, as they exploit trusted software updates to infiltrate multiple organisations at once. The growing use of automated tools and AI-driven software development may further increase such risks.

Google attributed the hack to UNC1069, a group it tracks.

The internet giant said in a February report the group has operated since at least 2018 and is known for targeting the cryptocurrency and financial industries.

“North Korean hackers have deep experience with supply chain attacks, which they primarily use to steal cryptocurrency,” John Hultquist, chief analyst for Google's threat intelligence group, said in a statement.

According to reports from the United Nations and private cybersecurity firms, North Korean hackers have stolen billions of dollars from financial institutions and cryptocurrency platforms in recent years.

US officials have previously said that a significant portion of Pyongyang's missile programme has been funded through such cyber theft. In one major incident last year, North Korean hackers reportedly stole $1.5 billion in cryptocurrency in a single attack, marking one of the largest digital heists on record.

North Korea uses stolen crypto to fund its weapons and other programmes and evade sanctions, according to the US government.
