Cyber Web Spider Blog – News
OpenAI Among Victims in Axios Supply Chain Breach

Posted on April 13, 2026 By CWS

OpenAI has confirmed that it is one of the organizations impacted by the recent Axios supply chain cyberattack, believed to be orchestrated by hackers associated with North Korea. This revelation comes as part of a larger investigation into the breach affecting numerous organizations.

Details of the Axios Supply Chain Incident

Axios, a vital open-source JavaScript library used for HTTP requests, plays a crucial role in both web and Node.js applications. With over 100 million weekly downloads, it serves as a dependency for numerous development projects globally. In late March, attackers managed to compromise the NPM account of a key Axios maintainer, subsequently distributing two malicious NPM packages.

These packages aimed to deploy a cross-platform Remote Access Trojan (RAT) capable of operating on Windows, macOS, and Linux systems. Although the malicious packages were identified and taken down within hours, the rapid propagation had already left many organizations vulnerable, including OpenAI.

OpenAI’s Response and Investigation

OpenAI reported that during the attack, a GitHub Actions workflow used in its macOS application signing process inadvertently downloaded and executed a compromised version of Axios, specifically version 1.14.1. This workflow had access to critical certificate and notarization resources used in signing applications like ChatGPT Desktop and Codex.

OpenAI said that, based on its investigation, the macOS signing certificate remains uncompromised, but as a precautionary step it has decided to revoke and replace the certificate. OpenAI has also halted new software notarizations using the previous certificate.

Implications and Future Measures

Should the certificate have been compromised, there would be a risk of malicious actors signing harmful code under the guise of legitimate OpenAI software. However, OpenAI has taken steps to mitigate such risks by blocking unauthorized software signed with the old certificate through macOS security measures.

As part of its security strategy, OpenAI plans to completely revoke the old certificate by May 8th, 2026, ensuring that any applications signed with it will be blocked from downloading or launching.

The extent of the impact remains under scrutiny, with cybersecurity firms like Huntress identifying 135 compromised machines and Wiz noting that 3% of environments executed the malicious version. The North Korean group UNC1069, linked to this attack, is primarily known for cyber theft and financial schemes, raising concerns over potential espionage activities.

This incident highlights the growing vulnerabilities within supply chain networks and emphasizes the need for robust security measures in open-source software dependencies.

Security Week News. Tags: Axios, Cybersecurity, GitHub, JavaScript, macOS, North Korea, npm packages, OpenAI, RAT, supply chain attack
