Hackers linked to Pyongyang planted malicious code in Axios update, Google says


A North Korean hacker. Image has been used for reference. [GETTY IMAGES]


 
North Korean-linked hackers planted malicious code in widely used open-source software in an attempt to steal login credentials, Google said on Tuesday.
 
The hackers reportedly inserted malicious code into an update of the open-source program Axios on Monday.
 


Axios functions as “data pipeline” software that enables web browsers or apps to exchange information with servers. Anyone can review and freely modify its source code.
 
Experts said that if the malicious code were to gain control of data access permissions on a computer, it could lead to serious damage, including the theft of login credentials and additional data breaches.
 
The malicious code was discovered and removed within a day, but it remains unclear how many times the compromised program was downloaded.
 
In an analysis, the cybersecurity firm Elastic Security noted that the malware was tailored to Mac, Windows and Linux operating systems, indicating that the hackers had secured a delivery mechanism capable of infiltrating millions of systems.
 
Google attributed the attack to UNC1069, a North Korean-linked hacking group that is known to target the cryptocurrency and financial sectors and is believed to have been active since at least 2018.
 
Google warned of UNC1069’s activities in a report released in February.
 
John Hultquist, chief analyst at Google Threat Intelligence, described the group in an X post on Wednesday as “financially motivated,” noting that North Korea “historically leveraged supply chain attacks to target crypto.”
 
Pyongyang is believed to be stealing cryptocurrency through hacking to secure funds for weapons programs and evade international sanctions.
 
Tom Hegel, a researcher at the cybersecurity firm SentinelOne, noted that Axios is likely operating behind nearly every routine activity, such as accessing websites, checking bank balances or using smartphone apps.
 
“You don’t have to click anything or make a mistake,” Hegel was quoted as saying by Reuters. “The software you already trust did it for you.”
 
North Korea’s mission to the United Nations did not respond to a request for comment from Reuters.


This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY JUNG SI-NAE