North Korea Linked to Axios Supply Chain Cyber Attack
Recent Cybersecurity Incidents
North Korean Hackers Compromise Axios Supply Chain
North Korean threat actors compromised the supply chain of the popular JavaScript library axios. According to a report by Google Threat Intelligence Group, the compromise was carried out by UNC1069, a known North Korean threat group.
This attack is another example of North Korea’s reliance on supply chain attacks to carry out its cryptocurrency heists, a tactic described by Google’s chief analyst as having “far-reaching impacts.” The axios compromise allowed the attackers to distribute Remote Access Trojans (RATs), which could grant them unauthorized access to sensitive data.
Malicious Activity Spreads Across Europe
Phantom Stealer, a .NET-based malware, has been identified as being distributed through a multi-wave phishing operation targeting manufacturing, technology, and logistics organizations in Europe. The malware, part of the Phantom Project cybercrime kit, has been bundled with a crypter and a remote access tool.
Suspected China-linked threat actors have exploited a high-severity zero-day flaw, tracked as CVE-2026-3502, in the TrueConf video conferencing client software. This vulnerability allowed them to compromise multiple Southeast Asian government organizations with the Havoc command-and-control framework as part of the TrueChaos campaign.
Iran-Linked Hackers Target Microsoft 365 Accounts
Over 300 organizations in Israel, more than 25 in the United Arab Emirates, and a limited number of entities in the US, Saudi Arabia, and Europe have had their Microsoft 365 environments targeted by Iran-nexus hackers as part of a password spraying campaign initiated in early March.