John Hultquist

Notable Quotes

"The full extent of this incident is still unknown, but given the popularity of the compromised packages, we expect it to have far-reaching impact." — Statement to SecurityWeek, April 1, 2026

from North Korean hackers compromise Axios, one of the most-used packages in the npm ecosystem · Updated 3 hours ago

Stories

North Korean hackers compromise Axios, one of the most-used packages in the npm ecosystem

Force in Play

Led public attribution of the Axios compromise to UNC1069

Axios is installed in roughly 80% of cloud and code environments and downloaded over 100 million times per week. On March 31, 2026, a North Korean hacking group hijacked the npm account of its lead maintainer, published two backdoored versions containing a cross-platform remote access trojan, and had them live for nearly three hours before anyone noticed. Google's Threat Intelligence Group formally attributed the attack to UNC1069, a financially motivated North Korean threat cluster active since at least 2018.

Updated 3 hours ago

John Hultquist

Notable Quotes

Stories

North Korean hackers compromise Axios, one of the most-used packages in the npm ecosystem

Help us improve Newzino