Quick Facts
- Category: Software Tools
- Published: 2026-05-03 19:00:36
The recent software supply chain attack on the widely used Axios NPM package has raised alarms across the developer community. This incident, attributed to a North Korea-linked threat actor known as UNC1069, illustrates the evolving tactics of financially motivated cybercriminals. Here, we answer key questions about the attack, its impact, and the steps you can take to defend your projects.
What Is the Axios Supply Chain Attack?
On March 31, 2026, between 00:21 and 03:20 UTC, an attacker injected a malicious dependency called plain-crypto-js into two versions of the Axios NPM package: 1.14.1 and 0.30.4. Axios is a leading JavaScript library for making HTTP requests, with over 100 million weekly downloads for the primary version and 83 million for the older one. The compromised packages automatically executed a hidden dropper named setup.js via NPM's postinstall hook. This dropper—a payload known as SILKBELL—installs the WAVESHAPER.V2 backdoor on Windows, macOS, or Linux systems. Google Threat Intelligence Group (GTIG) identified the attack and linked it to UNC1069, a North Korean threat actor active since at least 2018.

Who Is Behind the Attack?
GTIG attributes this activity to UNC1069, a financially motivated North Korea-nexus threat actor. UNC1069 has been active since at least 2018 and previously used an earlier version of the WAVESHAPER backdoor. The attacker compromised an Axios maintainer's account, changing the associated email to ifstap@proton.me to gain control. Infrastructure artifacts from this attack overlap with those used by UNC1069 in prior campaigns, confirming the link. This group is known for targeting cryptocurrency and financial services, but this supply chain attack widens their reach by compromising a dependency used by countless developers worldwide.
How Did the Attacker Compromise Axios?
The attacker gained access by compromising the legitimate Axios package maintainer's account. They altered the account's email address to their own (ifstap@proton.me) and then published the malicious versions of Axios (1.14.1 and 0.30.4). Inside the package, they added a dependency called plain-crypto-js (version 4.2.1). This dependency contained a package.json file with a postinstall script that executed node setup.js automatically upon installation. The attacker used an obfuscated dropper to avoid immediate detection, hiding command-and-control URLs and OS-specific commands with custom XOR and Base64 encoding. After the payload was deployed, the script attempted to delete itself and revert the package.json to erase traces of the malicious hook.
What Does the Malware Do?
The core component, SILKBELL (setup.js), is a dropper that identifies the operating system (Windows, macOS, or Linux) and then delivers a platform-specific payload. For Windows, it deploys the WAVESHAPER.V2 backdoor—a sophisticated tool that can exfiltrate data, execute commands, and maintain persistence. On macOS and Linux, the dropper uses similar but adapted routines. The backdoor connects to a command-and-control server to receive instructions. The malware also attempts to self-delete and clean the package.json file to hinder forensic analysis. This cross-platform capability makes it particularly dangerous because it can compromise any development environment that installs the affected Axios version.
How Can Developers Detect This Threat?
Developers should immediately check their package-lock.json or yarn.lock for any reference to plain-crypto-js (version 4.2.1, or indeed any version). If present, they should assume compromise. Look for unexpected postinstall scripts in dependencies—benign packages rarely use them. Monitor for outbound connections to suspicious IPs or domains (GTIG will likely publish indicators). Additionally, review the integrity of your Axios installation: any version 1.14.1 or 0.30.4 installed between March 31, 2026, 00:21 and 03:20 UTC is affected. Running npm audit may not detect this because the malicious package was published under a legitimate-sounding name. Manual verification is essential until official mitigations are released.

What Should Organizations Do to Mitigate?
First, immediately roll back to a known-safe version of Axios (e.g., 1.14.0 or 0.30.3) and clear any cached versions. Then, scan all systems—especially CI/CD pipelines and production servers—for plain-crypto-js. If found, isolate affected machines and review logs for signs of backdoor activity (unusual outbound traffic, new processes). Reset credentials for any accounts that may have been exposed. GTIG recommends monitoring for WAVESHAPER.V2 indicators: look for files dropped in temp directories with random names, persistence mechanisms like scheduled tasks or launch agents, and connections to known malicious IPs. Finally, enforce strict dependency scanning using tools like Snyk or npm audit with custom rules, and consider using npm shrinkwrap to lock down allowed packages.
Why Is This Attack Significant?
This attack highlights the growing threat of supply chain compromise targeting essential open-source libraries. Axios is used by millions of projects—including those at major companies—meaning the impact could be enormous. The involvement of UNC1069, a state-sponsored group, indicates that even financially motivated actors are now using sophisticated methods to gain initial access. The fact that the attacker modified the maintainer account's email before publishing shows a high level of planning. Moreover, the cross-platform payload delivery means no operating system is safe. This incident should serve as a wake-up call for the developer community to invest in better dependency security, code-review processes, and incident response plans for open-source components.
What Lessons Can We Learn from the Axios Attack?
Key takeaways include the necessity of multi-factor authentication for package publishing accounts, as a simple credential compromise allowed the attack. Developers must also scrutinize all dependencies for unusual scripts or files—especially postinstall hooks. Automated CI/CD pipelines should incorporate checksum verification of critical packages. Additionally, the use of obfuscated code should trigger immediate investigation. Finally, the incident underscores the value of rapid detection and sharing of threat intelligence, as GTIG's quick analysis enabled this disclosure. For the open-source ecosystem, stronger governance and automated scanning for compromised accounts could prevent future attacks. Every developer should treat every npm install as a potential security event.