    North Korean hackers linked to Axios npm supply chain compromise

By admin, April 2, 2026

The software supply chain attack that compromised npm packages of Axios, an extremely popular HTTP client library, is believed to be the work of financially motivated North Korean attackers.

    Links to UNC1069

On March 31, 2026, unknown attackers managed to publish two backdoored versions of the Axios npm package after gaining access to a maintainer’s npm account.

The malicious versions pulled in a hidden dependency whose post-install script ran automatically during installation and attempted to download and run additional payloads from attacker-controlled infrastructure.

    The goal was to deploy malware capable of remote access and system compromise, potentially allowing attackers to steal sensitive data or move laterally within affected environments.

The stealth and sophistication of the attack pointed to skilled attackers. The injected code was minimal and designed to evade detection, and the malicious behavior was offloaded to the external dependency and the remote payload, which made it harder for developers or automated tools to identify the compromise quickly.

    The attribution of the attack was made by Google Threat Intelligence Group (GTIG) researchers and Mandiant analysts, based on the backdoor that was deployed on victim systems and the command and control (C2) infrastructure used.

    “The platform-specific payloads ultimately deploy variants of a backdoor tracked by GTIG as WAVESHAPER.V2, a backdoor written in C++ that targets macOS to collect system information, enumerate directories, or execute additional payloads and that connects to the C2 provided via command-line arguments,” the researchers noted.

    Additional variants of WAVESHAPER.V2 have been written in PowerShell and Python to target Windows and Linux environments, respectively. The backdoor acts as a remote access trojan and is capable of system reconnaissance, file system enumeration, and code execution.

    Previous versions of the backdoor were used by a North Korea-nexus threat actor GTIG calls UNC1069, which has been active since at least 2018 and is known for targeting organizations to steal cryptocurrency.

    “Analysis of the C2 infrastructure (sfrclak[.]com resolving to 142.11.206.73) revealed connections from a specific AstrillVPN node previously used by UNC1069. Additionally, adjacent infrastructure hosted on the same ASN has been historically linked to UNC1069 operations,” they added.
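The domain and IP quoted above are the only concrete network indicators on this page, and they are published defanged (`sfrclak[.]com`). The script below is an added example, not code from the original article or from GTIG/Mandiant: it refangs those indicators, then sweeps DNS and proxy log lines for queries to the domain or any of its subdomains, resolutions to the IP, and HTTP connections by hostname or IP, and lists the internal hosts that need triage. The log line format and every entry in `SAMPLE_LOGS` are constructed for the demonstration; only the domain and IP come from the article.

```javascript
// Added example, not code from the original article or from GTIG/Mandiant:
// turn the defanged C2 indicators quoted above into a matcher and run it
// over constructed DNS and proxy log lines. The log format and every line
// in SAMPLE_LOGS are invented for the demonstration.
const IOC_DOMAINS = ["sfrclak[.]com"];
const IOC_IPS = ["142.11.206.73"];

// Undo common defanging ("[.]", "(.)", "{.}", "hxxp") so indicators compare against live logs.
function refang(indicator) {
  return indicator
    .replace(/\[\.\]|\(\.\)|\{\.\}/g, ".")
    .replace(/^hxxp/i, "http")
    .trim()
    .toLowerCase();
}

// Exact or subdomain match; tolerates a trailing dot and mixed case as seen in resolver logs.
function domainMatches(hostname, iocDomain) {
  const h = hostname.toLowerCase().replace(/\.$/, "");
  return h === iocDomain || h.endsWith("." + iocDomain);
}

// Constructed line format: "<ts> <src_ip> dns <query> <answer>" or "<ts> <src_ip> http <method> <url>".
function parseLine(line) {
  const parts = line.trim().split(/\s+/);
  if (parts.length < 5) return null;
  const [ts, src, kind, a, b] = parts;
  if (kind === "dns") return { ts, src, kind, query: a, answer: b };
  if (kind === "http") {
    let host = null;
    try { host = new URL(b).hostname; } catch (_) { /* malformed URL: nothing to match on */ }
    return { ts, src, kind, method: a, url: b, host };
  }
  return null;
}

// One hit per log line that touches an indicator, with the reason(s) it matched.
function matchIocs(lines, iocs) {
  const domains = iocs.domains.map(refang);
  const ips = new Set(iocs.ips.map(refang));
  const hits = [];
  for (const line of lines) {
    const rec = parseLine(line);
    if (!rec) continue;
    const reasons = [];
    if (rec.kind === "dns") {
      if (domains.some((d) => domainMatches(rec.query, d))) reasons.push(`dns query ${rec.query}`);
      if (ips.has(rec.answer)) reasons.push(`dns answer ${rec.answer}`);
    } else if (rec.host) {
      if (ips.has(rec.host) || domains.some((d) => domainMatches(rec.host, d))) reasons.push(`http host ${rec.host}`);
    }
    if (reasons.length > 0) hits.push({ ts: rec.ts, src: rec.src, reasons });
  }
  return hits;
}

// Distinct internal hosts that contacted the indicators and need triage.
function affectedSources(hits) {
  return [...new Set(hits.map((h) => h.src))].sort();
}

// Constructed sample: benign answers use RFC 5737 documentation ranges.
const SAMPLE_LOGS = [
  "2026-03-31T14:02:11Z 10.0.5.23 dns registry.npmjs.org 203.0.113.10",
  "2026-03-31T14:02:19Z 10.0.5.23 dns sfrclak.com 142.11.206.73",
  "2026-03-31T14:02:20Z 10.0.5.23 http GET http://142.11.206.73/update",
  "2026-03-31T14:03:02Z 10.0.7.9 dns cdn.SFRCLAK.com. 142.11.206.73",
  "2026-03-31T14:05:44Z 10.0.7.9 http GET https://example.com/index.html",
  "2026-03-31T14:06:10Z 10.0.9.1 dns notsfrclak.com 198.51.100.7",
];

if (typeof require !== "undefined" && require.main === module) {
  const hits = matchIocs(SAMPLE_LOGS, { domains: IOC_DOMAINS, ips: IOC_IPS });
  for (const h of hits) console.log(`${h.ts} ${h.src}: ${h.reasons.join("; ")}`);
  console.log("triage:", affectedSources(hits).join(", "));
}
```

Two caveats when using this for real. The `notsfrclak.com` line shows why the match has to be on a label boundary rather than a plain suffix check. And an IP indicator ages quickly: the article itself notes that adjacent infrastructure on the same ASN has been tied to UNC1069, which means both that the attackers can move within that hosting and that a bare IP hit on shared hosting is a weaker signal than a DNS query for the domain; treat IP-only hits as leads to confirm, not as conclusions.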

    Further breaches expected

    The exposure window was short – the malicious Axios npm versions were available less than three hours before being removed – but even such a short-lived compromise is expected to have a wide impact.

    “This compromise is particularly significant because Axios is a widely used library and is often included as a transitive dependency across millions of applications,” noted Andres Ramos, Senior Threat Intelligence Researcher at Arctic Wolf.

“Organisations that install npm packages in CI/CD pipelines may have automatically pulled the malicious versions into build environments during the ~3-hour window. Even systems that did not directly install Axios could be indirectly impacted if another package in the environment depended on the compromised versions, highlighting the broader downstream risk across modern JavaScript ecosystems.”

Various security companies have offered remediation advice for potentially affected developers and organizations, threat detection rules, and guidance on preventing similar attacks in the future.

    Similarly, many companies have provided advice for those affected by the other supply chain attacks that happened in the last few days and targeted open-source projects like the Trivy security scanner, the LiteLLM library, and Telnyx on PyPI.

Those attacks have all been attributed to the financially motivated TeamPCP – or, as GTIG calls them, UNC6780 – and there are reports that the secrets harvested in those attacks will be used by “partnering” groups such as the Vect ransomware-as-a-service (RaaS) operation and extortion groups such as Lapsus$.

    “Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks. This could enable further software supply chain attacks, software as a service (SaaS) environment compromises (leading to downstream customer compromises), ransomware and extortion events, and cryptocurrency theft over the near term,” GTIG researchers warned.

    “Defenders should pay close attention to these campaigns, and enterprises should initiate dedicated efforts to assess the existing impact, remediate compromised systems, and harden environments against future attacks.”

