BBS:      TELESC.NET.BR
Subject:  North Korean hackers Axio
From:     Mike Powell
Date:     Thu, 2 Apr 2026 10:49:53 -0500
-----------------------------------------------------------
'Hundreds of thousands of stolen secrets could potentially be circulating as 
a result of these recent attacks': Google says North Korean hackers behind
major attack on Axios

Date:
Wed, 01 Apr 2026 14:15:00 +0000

Description:
North Korean hackers used an updated version of a known backdoor to target a
popular npm package.

FULL STORY
North Korean state-sponsored threat actors are targeting a hugely popular npm
package in an attempt to infect its users with malware.

In a security advisory, Google's Threat Intelligence Group (GTIG) said it
was monitoring an active software supply chain attack targeting Axios, the
most popular JavaScript library used to simplify HTTP requests. It simplifies
tasks like calling APIs, handling responses, and managing errors compared to
using built-in tools like fetch or XMLHttpRequest. The hackers targeted two
versions of the package, 1.14.1 and 0.30.4, which Google says typically see
over 100 million and 83 million weekly downloads, respectively. They tried
to introduce a malicious dependency named "plain-crypto-js", an obfuscated
dropper that deploys the WAVESHAPER.V2 backdoor on Windows, macOS, and
Linux.

Tying it to North Korea

Google described WAVESHAPER.V2 as a fully functional RAT, capable of
reconnaissance (extracting telemetry), command execution (in-memory Portable
Executable injection and arbitrary shell commands), and system enumeration
(returning detailed metadata).

The analysed sample was written in C++, but variants written in PowerShell
and Python were also discovered, targeting different environments.

It is exactly this backdoor that led Google to conclude this was a North
Korea-sponsored campaign. GTIG said WAVESHAPER.V2 is an updated version of
WAVESHAPER, a backdoor previously used by a North Korea-nexus threat actor
tracked as UNC1069.

Further, analysis of infrastructure artifacts used in this attack shows
overlaps with infrastructure used by UNC1069 in past activities, Google said.

UNC1069 has apparently been active since at least 2018, making it one of the
longer-standing threat actor groups out there. Earlier this year, Mandiant
observed it using a combination of compromised Telegram accounts, fake Zoom
calls, deepfake videos, and half a dozen malware strains to target
organizations in the cryptocurrency sector and steal their cryptocurrency
holdings.

Link to news story:
https://www.techradar.com/pro/security/hundreds-of-thousands-of-stolen-secrets-could-potentially-be-circulating-as-a-result-of-these-recent-attacks-google-says-north-korean-hackers-behind-major-attack-on-axios

$$
--- SBBSecho 3.28-Linux
 * Origin: Capitol City Online (1:2320/107)

-----------------------------------------------------------