• 'Hundreds of thousands of stolen secrets could potentially be cir

    From TechnologyDaily@1337:1/100 to All on Wednesday, April 01, 2026 15:30:30
    'Hundreds of thousands of stolen secrets could potentially be circulating as
    a result of these recent attacks': Google says North Korean hackers behind major attack on Axios

    Date:
    Wed, 01 Apr 2026 14:15:00 +0000

    Description:
    North Korean hackers used an updated version of a known backdoor to target a popular npm package.

    FULL STORY ======================================================================

    - Google Threat Intelligence Group warns of active supply chain attack on npm's Axios library
    - Malicious dependency plain-crypto-js deployed WAVESHAPER.V2 backdoor across Windows, macOS, and Linux
    - Attribution points to North Korea's UNC1069 group, known for long-running campaigns targeting cryptocurrency and software developers

    North Korean state-sponsored threat actors are targeting a hugely popular npm package in an attempt to infect its users with malware.

    In a security advisory, Google's Threat Intelligence Group (GTIG) said it was monitoring an active software supply chain attack targeting Axios, the most popular JavaScript library used to simplify HTTP requests. It simplifies tasks like calling APIs, handling responses, and managing errors compared to using built-in tools like fetch or XMLHttpRequest.

    The hackers targeted two versions of the package - 1.14.1 and 0.30.4 - which Google says typically have over 100 million and 83 million weekly downloads, respectively. They tried to introduce a malicious dependency named "plain-crypto-js", an obfuscated dropper that deploys the WAVESHAPER.V2 backdoor across Windows, macOS, and Linux operating systems.

    Tying it to North Korea

    Google described WAVESHAPER.V2 as a fully functional RAT, capable of reconnaissance (extracting telemetry), command execution (in-memory Portable Executable injection and arbitrary shell commands), and system enumeration (returns detailed metadata).

    It was written in C++, but other variants were discovered, written in PowerShell and Python, to target different environments.

    It is exactly this backdoor that had Google conclude this was a North Korea-sponsored campaign. GTIG said WAVESHAPER.V2 is an updated version of WAVESHAPER, a backdoor that was previously used by a North Korea-nexus threat actor called UNC1069.

    Further, analysis of infrastructure artifacts used in this attack shows overlaps with infrastructure used by UNC1069 in past activities, Google said.

    UNC1069 has apparently been active since at least 2018, making it one of the longer-standing threat actor groups out there. Earlier this year, Mandiant observed it using a combination of compromised Telegram accounts, fake Zoom calls, deepfake videos, and half a dozen malware strains, to target organizations in the cryptocurrency sector and steal their crypto stacks.




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hundreds-of-thousands-of-stolen-secrets-could-potentially-be-circulating-as-a-result-of-these-recent-attacks-google-says-north-korean-hackers-behind-major-attack-on-axios


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)
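
A lockfile check for the indicators the article names (axios 1.14.1 and 0.30.4, and the plain-crypto-js dependency), added here as an example and not taken from the article or from Google's advisory. The function names and the sample lockfile are constructed; a real run would pass in the parsed contents of package-lock.json.

```javascript
// Added example: indicators come from the article text only.
const BAD_AXIOS = new Set(["1.14.1", "0.30.4"]); // axios versions named as targeted
const BAD_DEP = "plain-crypto-js"; // malicious dependency; any version is a hit

function classify(name, version, where) {
  if (name === BAD_DEP) return { where, name, version, reason: "malicious dependency" };
  if (name === "axios" && BAD_AXIOS.has(version))
    return { where, name, version, reason: "targeted axios version" };
  return null;
}
// lockfileVersion 2/3: flat "packages" map keyed by install path.
function scanPackages(packages) {
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    const i = path.lastIndexOf("node_modules/");
    if (i === -1) continue; // root project or workspace entry
    const hit = classify(path.slice(i + "node_modules/".length), meta.version, path);
    if (hit) hits.push(hit);
  }
  return hits;
}

// lockfileVersion 1: nested "dependencies" tree, walked recursively.
function scanTree(deps, prefix = "") {
  const hits = [];
  for (const [name, meta] of Object.entries(deps || {})) {
    const where = `${prefix}${name}`;
    const hit = classify(name, meta.version, where);
    if (hit) hits.push(hit);
    hits.push(...scanTree(meta.dependencies, `${where} > `));
  }
  return hits;
}

function scanLockfile(lock) {
  return lock.packages ? scanPackages(lock.packages) : scanTree(lock.dependencies);
}

// Constructed sample lockfile (v3 layout), not real project data.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/plain-crypto-js": { version: "0.0.0-constructed" },
    "node_modules/legacy-sdk/node_modules/axios": { version: "0.30.3" },
  },
};
console.log(scanLockfile(SAMPLE_LOCK));
```

The check covers transitive copies of axios as well as the top-level one, which matters because a nested dependency can pin its own version. A clean lockfile only describes the current resolution, not what earlier installs pulled in.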