A software supply chain attack compromised npm packages of Axios, a popular HTTP client library. Financially-motivated North Korean attackers are believed to be responsible for this incident. Links to UNC1069 suggest their involvement. On March 31, 2026, unknown attackers published two backdoored Axios npm packages. This was achieved after gaining access to a maintainer’s npm account.
A software supply chain attack compromised npm packages of Axios, a popular HTTP client library. Financially-motivated North Korean attackers are believed to be responsible for this incident. Links to UNC1069 suggest their involvement. On March 31, 2026, unknown attackers published two backdoored Axios npm packages.
This was achieved after gaining access to a maintainer’s npm account. The malicious versions introduced a hidden dependency containing a post-install script. This script executed automatically during installation, posing a significant security risk to users.
The post North Korean hackers linked to Axios npm supply chain compromise appeared first on Help Net Security.