North Korean state-sponsored threat actor
Appears in 1 story
Attributed perpetrator of the Axios npm supply chain attack
Axios is installed in roughly 80% of cloud and code environments and downloaded over 100 million times per week. On March 31, 2026, a North Korean hacking group hijacked the npm account of its lead maintainer and published two backdoored versions with a cross-platform remote access trojan. They were live for nearly three hours before being noticed. Google's Threat Intelligence Group formally attributed the attack to UNC1069, a financially motivated North Korean threat cluster active since at least 2018.
Updated May 30
No stories match your search
Try a different keyword
How would you like to describe your experience with the app today?