OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

Summary

OpenAI disclosed that it was impacted by a supply chain attack targeting the widely-used Axios JavaScript library, attributed to North Korean threat group UNC1069. Attackers compromised an Axios maintainer's npm account and published malicious packages (version 1.14.1) containing a cross-platform RAT that executed in OpenAI's macOS app-signing workflow, potentially exposing code-signing certificates for ChatGPT Desktop and other products. OpenAI has revoked and rotated affected certificates as a precaution, though it believes the certificate itself was not compromised based on timing analysis.

Full text

OpenAI revealed on Friday that it’s one of many organizations affected by the recent Axios supply chain attack, which cybersecurity experts have attributed to North Korean hackers. Axios is a widely used open source JavaScript HTTP client library for making requests in web and Node.js applications. It has over 100 million weekly downloads and is a dependency in countless developer projects and production systems. In late March, attackers compromised the NPM account of a lead Axios maintainer and published two malicious NPM packages designed to download and execute a cross-platform RAT capable of running on Windows, macOS, and Linux. The malicious packages were live for only a few hours before being detected and removed, but many organizations may have been affected. One of them is OpenAI, which detailed its investigation and remediation efforts, as well as its root cause analysis, in a blog post published on Friday. “A GitHub Actions workflow we use in the macOS app-signing process downloaded and executed a malicious version of Axios (version 1.14.1),” OpenAI explained. “This workflow had access to a certificate and notarization material used for signing macOS applications, including ChatGPT Desktop, Codex, Codex-cli, and Atlas. This certificate helps customers know that software comes from the legitimate developer, OpenAI.”Advertisement. Scroll to continue reading. The timing of the payload execution and other factors have led the AI giant to believe that the macOS signifying certificate has not been compromised. However, the company has decided to revoke and rotate the certificate as a precaution. If, however, the certificate was indeed compromised, the attacker could abuse it to sign malicious code and disguise it as legitimate OpenAI software. “We have stopped new software notarizations using the old certificate, so new software signed with the old certificate by an unauthorized third party would be blocked by default by macOS security protections unless a user explicitly bypasses them,” OpenAI said, adding, “Once we fully revoke our certificate on May 8th, 2026, new downloads and launches of apps signed with the previous certificate will be blocked by macOS security protections.” It’s unclear exactly how many Axios users were affected, but cybersecurity firm Huntress found evidence of compromise on 135 machines, and cloud security giant Wiz observed the malicious version executed in 3% of affected environments. While the access provided by the Axios supply chain attack may be useful for espionage, the North Korean threat group linked to the campaign, UNC1069, is primarily known for cryptocurrency theft and other money-making schemes. Related: CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads Related: Telnyx Targeted in Growing TeamPCP Supply Chain Attack Related: Guardarian Users Targeted With Malicious Strapi NPM Packages Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet UsersApple Intelligence AI Guardrails Bypassed in New AttackAdobe Reader Zero-Day Exploited for Months: Researcher$3.6 Million Stolen in Bitcoin Depot HackData Leakage Vulnerability Patched in OpenSSLMassachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking Latest News International Operation Targets Multimillion-Dollar Crypto Theft SchemesCPUID Hacked to Serve Trojanized CPU-Z and HWMonitor DownloadsFake Claude Website Distributes PlugX RATGmail Brings End-to-End Encryption to Android and iOS for Enterprise UsersAdobe Patches Reader Zero-Day Exploited for MonthsIn Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer HackJuniper Networks Patches Dozens of Junos OS VulnerabilitiesIndustry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: A Step-by-Step Approach to AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the MoveThe United States Department of War appointed David Vaughn as Technical Advisor for Data Infrastructure.Black Duck has named Dom Glavach as Chief Information Security Officer.Finite State has named Ann Miller as Vice President of Marketing.More People On The MoveExpert Insights The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

• malware — Axios 1.14.1 (malicious npm package)

Entities