Cybersecurity

North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack

52 sec read4 views0 listens

The security breach involving the axios package on npm is a significant concern for developers and organizations relying on this popular HTTP client library. Here's a summary of the key points from Google Threat Intelligence Group (GTIG) regarding this incident:

Overview

Threat Actor: UNC1069, a North Korea-nexus threat actor.
Attack Vector: Supply chain attack through npm package axios.
Compromised Versions:
- [email protected]
- [email protected]

Impact and Scope

The compromised versions were pushed to the official npm registry, affecting a wide range of projects that depend on these specific versions.
Hundreds of thousands of secrets could be at risk due to this supply chain attack.

Technical Details

C2 Infrastructure: sfrclak[.]com (IP: 142.11.206.73)
Malware Variant: WAVESHAPER.V2, a macOS and Linux backdoor.
Persistence Mechanism:
- On Windows, persistence is achieved by creating a hidden batch file (%PROGRAMDATA%\system.bat) and adding an

Read the full article at Threat Intelligence

Want to create content about this topic? Use Nemati AI tools to generate articles, social posts, and more.

Checkmarx Jenkins Plugin Backdoored in New TeamPCP Supply Chain Attack

TeamPCP compromised the Checkmarx Jenkins plugin, defacing its GitHub repository and backdooring a release with malware. This attack highlights ongoing supply chain risks and underscores the need for developers to rigorously audit and secure their CI...

Ali Nemati

AI & Machine LearningApr 1459 sec read

axios npm Supply Chain Attack (March 31, 2026) - What Happened and How to Check Your Lock File Right Now

The article you've shared is a detailed and comprehensive analysis of the hypothetical "Axios npm Supply Chain Attack" that occurred in March 2026. It provides an in-depth look at how such an attack unfolds, its impact on developers and organizations...

Ali Nemati

CybersecurityApr 323 sec read

Axios NPM supply chain incident

Cisco Talos is investigating a supply chain attack on the Axios npm package, where two malicious versions were briefly deployed. This incident affects millions of users and could lead to credential theft and remote access by threat actors. Developers...

Ali Nemati

CybersecurityApr 322 sec read

This Week in Security: The Supply Chain Has Problems

A massive supply chain breach compromised the Axios HTTP project on npm, inserting malware through a new dependency and potentially infecting millions of builds. This highlights critical vulnerabilities in developer systems, CI/CD pipelines, and fina...

Ali Nemati

CybersecurityApr 223 sec read

From Axios NPM Supply Chain Attack to Tracking DPRK's BlueNoroff

A supply chain attack compromised the widely used Axios package in NPM, allowing attackers to inject malicious code. DCSO’s analysis links this activity to BlueNoroff, a North Korean threat actor known for similar techniques and financial motivations...

Ali Nemati

North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack

Overview

Impact and Scope

Technical Details

Related Articles

Checkmarx Jenkins Plugin Backdoored in New TeamPCP Supply Chain Attack

axios npm Supply Chain Attack (March 31, 2026) - What Happened and How to Check Your Lock File Right Now

Axios NPM supply chain incident

This Week in Security: The Supply Chain Has Problems

From Axios NPM Supply Chain Attack to Tracking DPRK's BlueNoroff