Axios Software Tool Used by Millions Compromised in Hack
Axios, a tool widely used to develop software applications, was compromised overnight, introducing a vulnerability in a key part of the internet’s plumbing.
Late Monday, an unknown hacker breached one of the few accounts that can release new versions of Axios and published malicious versions of it. Axios, or Axios NPM, is a client that software developers use to send requests to servers — allowing software to connect to the web — and is downloaded about 80 million times every week. The extent of the damage and the purpose of the breach are still unclear.
The malicious code could be used to breach major operating systems including Windows, macOS and Linux, according to John Hammond, senior principal security researcher at the cybersecurity firm Huntress. “The scope of this compromise is significant” because of how widespread the Axios product is, he said. The risk is that any person who has downloaded the malicious version of Axios could then have their own computer — and the data stored on it — stolen by hackers.
This type of supply-chain hack has become more common in recent years. Some have been highly damaging. In 2020, a suspected Russian state-sponsored group breached software manufactured by the U.S. company SolarWinds and deployed a malicious update, which led to follow-on compromises at nine U.S. government agencies and about 100 companies.
“The primary concern is no longer initial access alone, but the potential blast radius and the extent of any compromise already established,” Jon Robertson, managing director at Australian cybersecurity firm Tarian Cyber, said in an email.
Robertson and Hammond each said they’d seen an impact from the attack by Tuesday morning. Robertson said software development companies and internal developers had been affected by the hack. Hammond had identified at least 135 compromised computers.
Axios is maintained by a community of contributors on the GitHub platform, rather than by a single company, and its code can be viewed by anyone. The hackers targeted one of the main developers responsible for maintaining it, breaching his GitHub account, according to researchers who examined the attack, including StepSecurity.
Bloomberg.