Suspected hackers linked to North Korea have executed a supply-chain attack on the Axios software package, which is extensively utilized across various sectors in the United States for website and application development. This breach could expose numerous US firms to credential theft and malware attacks. Security researchers reported that the hackers accessed the account of a software developer maintaining Axios for at least three hours, allowing them to push malicious updates to users who downloaded the software during that time. Google-owned cyber-intelligence firm Mandiant confirmed the involvement of a North Korean hacking group and cautioned that the attackers might aim to steal cryptocurrency from affected enterprises. A researcher from Huntress identified approximately 135 compromised devices across 12 companies, indicating that the total impact could be significantly larger. The compromised software could affect systems running macOS, Windows, and Linux, increasing the risk for a broad range of developers and enterprises. North Korea's hacking operations have been a critical revenue source for the country, with past reports indicating that hackers have stolen billions, including $1.5 billion in cryptocurrency in a single attack in 2025.