OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack
securityweek
OpenAI revealed on Friday that it’s one of many organizations affected by the recent Axios supply chain attack, which cybersecurity experts have attributed to North Korean hackers.
Axios is a widely used open source JavaScript HTTP client library for making requests in web and Node.js applications. It has over 100 million weekly downloads and is a dependency in countless developer projects and production systems.
In late March, attackers compromised the NPM account of a lead Axios maintainer and published two malicious NPM packages designed to download and execute a cross-platform RAT capable of running on Windows, macOS, and Linux.
The malicious packages were live for only a few hours before being detected and removed, but many organizations may have been affected.
One of them is OpenAI, which detailed its investigation and remediation efforts, as well as its root cause analysis, in a blog post published on Friday.
“A ...
Copyright of this story solely belongs to securityweek.

