The assault follows a collection of provide chain assaults that impacted a number of open-source tasks throughout totally different package deal repositories over the previous a number of weeks, most of them attributed to a gaggle generally known as TeamPCP. Nevertheless, the Google Menace Intelligence Group (GTIG) has attributed the Axios assault to a North Korean risk actor it tracks as UNC1069.
“North Korean hackers have deep expertise with provide chain assaults, which they’ve traditionally used to steal cryptocurrency,” stated John Hultquist, chief analyst with GTIG. “The total breadth of this incident remains to be unclear, however given the recognition of the compromised package deal, we anticipate it’s going to have far reaching impacts.”
Of their evaluation, Snyk researchers additionally famous the sophistication of strategies concerned within the assault.
“The attacker additionally confirmed significant operational sophistication, pre-staging the malicious dependency, utilizing a ‘clear’ model historical past, double-obfuscating the dropper, constructing platform-specific RATs, and implementing anti-forensic self-deletion,” the Snyk researchers stated of their report. “This was not opportunistic.”
