North Korean hackers compromise Axios, one of the most-used packages in the npm ecosystem

By Newzino Staff

Google attributes supply chain attack on 100-million-download-per-week JavaScript library to financially motivated North Korean group UNC1069

Today: Google attributes Axios attack to North Korean group UNC1069

Overview

Axios is installed in roughly 80% of cloud and code environments and downloaded over 100 million times per week. On March 31, 2026, a North Korean hacking group hijacked the npm account of its lead maintainer, published two backdoored versions containing a cross-platform remote access trojan, and had them live for nearly three hours before anyone noticed. Google's Threat Intelligence Group formally attributed the attack to UNC1069, a financially motivated North Korean threat cluster active since at least 2018.

Why it matters

Any developer who ran npm install during a three-hour window may have handed a North Korean hacking group full access to their machine.

Key Indicators

~100M weekly Axios downloads: Axios is one of the ten most-downloaded packages in the entire npm registry.

80% of cloud environments use Axios: Wiz estimates Axios is present in roughly four out of five cloud and code environments.

~3 hrs with malicious versions live on npm: The backdoored packages were published at 00:21 UTC and removed by approximately 03:15 UTC on March 31.

3% of Axios users downloaded compromised versions: During the exposure window, roughly 3% of the Axios userbase pulled the malicious packages.

2 malicious versions published: Attackers published axios@1.14.1 and axios@0.30.4, targeting both the current and legacy release branches.


Timeline

  1. Google attributes Axios attack to North Korean group UNC1069

    Attribution

    Google's Threat Intelligence Group publicly linked the Axios compromise to UNC1069 based on the use of WAVESHAPER.V2, an updated version of a backdoor previously attributed to the group. Chief analyst John Hultquist warned of "far-reaching impact."

  2. Attacker publishes backdoored Axios 1.14.1 to npm

    Supply chain attack

    After compromising lead maintainer Jason Saayman's npm account and changing the account email, the attacker published axios@1.14.1 with a hidden dependency on the malicious plain-crypto-js package. Version 0.30.4 followed at 01:00 UTC.

  3. Malicious Axios versions removed from npm

    Remediation

    The backdoored packages were identified and pulled from the npm registry roughly three hours after publication. During this window, approximately 3% of the Axios userbase downloaded the compromised versions.

  4. UNC1069 targets crypto firms with AI-generated deepfakes

    North Korean attack

    Google reported that UNC1069 was using AI-generated video and the ClickFix social engineering technique to compromise cryptocurrency and decentralized finance companies.

  5. npm revokes all classic long-lived tokens

    Security measure

    GitHub permanently revoked all legacy npm tokens and required migration to short-lived granular tokens with a 90-day maximum lifetime, aiming to close the exact type of vulnerability later exploited in the Axios attack.

  6. Shai-Hulud worm infects hundreds of npm packages

    Supply chain attack

    A self-replicating worm compromised over 500 npm packages by harvesting npm tokens and automatically publishing malicious versions of any packages it could access. The Cybersecurity and Infrastructure Security Agency (CISA) issued a formal advisory.

  7. 3CX desktop app compromised in double supply chain attack

    North Korean attack

    North Korea's Lazarus Group compromised the 3CX business phone application through a cascading supply chain attack that traced back to a compromised financial trading platform. The attack affected up to 600,000 companies.

  8. npm mandates 2FA for top-100 package maintainers

    Security measure

    GitHub began requiring two-factor authentication for maintainers of the most-depended-on npm packages, later expanding the requirement to all packages with over one million weekly downloads.

  9. SolarWinds supply chain attack disclosed

    Historical precedent

    Russian intelligence compromised SolarWinds' Orion update mechanism, affecting approximately 18,000 customers including multiple U.S. federal agencies. The attack redefined supply chain risk.

  10. Event-stream npm package hijacked to steal Bitcoin

    Historical precedent

    A malicious actor social-engineered maintainership of the event-stream package (2 million weekly downloads) and injected code targeting the Copay Bitcoin wallet. The backdoor went undetected for two months.

Scenarios

1. Downstream breaches surface as compromised developers unknowingly propagate access

Discussed by: Wiz, Elastic Security Labs, and multiple incident response firms analyzing the 3% download exposure

The three-hour exposure window reached an estimated 3% of Axios's massive userbase. If any of those developers worked in enterprise environments, the cross-platform remote access trojan may have given UNC1069 persistent footholds in corporate networks. Over the coming weeks, incident response teams discover secondary compromises at financial institutions or cloud providers, escalating the incident from a supply chain scare into an active breach investigation. This mirrors the SolarWinds pattern where the initial compromise was just the door-opener.

2. npm overhauls publishing security, mandates provenance for high-impact packages

Discussed by: Snyk, Datadog Security Labs, and open-source security advocates calling for stricter registry controls

The Axios attack — coming just months after npm revoked all classic tokens — exposes gaps in the transition to the new security model. GitHub responds by requiring cryptographic provenance (Sigstore-based build attestation) for all packages above a download threshold, making it impossible to publish without a verified link to source code and build pipeline. This would prevent token-based publishing bypasses entirely but would impose significant workflow changes on maintainers.

3. North Korean supply chain operations escalate to target larger ecosystem packages

Discussed by: Google GTIG, Mandiant researchers, and U.S. intelligence analysts tracking DPRK cyber revenue generation

UNC1069's progression from spear-phishing crypto exchanges to compromising a top-10 npm package signals a strategic shift toward higher-leverage targets. If the Axios operation generated useful access or financial returns, the group may apply the same playbook to other foundational open-source packages across npm, PyPI, or other registries. The pattern of escalation — from event-stream in 2018 to Shai-Hulud in 2025 to Axios in 2026 — suggests the attacks are growing in ambition and sophistication.

4. Investigation reveals limited real-world damage; incident becomes a near-miss cautionary tale

Discussed by: Arctic Wolf, Sophos, and enterprise security teams conducting post-incident audits

The three-hour window was short enough that most automated build pipelines used cached or pinned versions of Axios, limiting actual installations of the compromised packages. Forensic analysis finds that the 3% download figure overstates real exposure, and few if any production environments executed the malicious payload. The incident is remembered as the highest-profile near-miss in npm history, accelerating security reforms without producing a major breach.

Historical Context

Event-stream npm hijacking (2018)

September-November 2018

What Happened

A developer using the handle right9ctrl gained the trust of event-stream's original maintainer through legitimate code contributions, then took over the package and injected a dependency that targeted the Copay Bitcoin wallet. The backdoor harvested private keys from accounts holding more than 100 Bitcoin. It went undetected for two months until a university student flagged suspicious code on GitHub.

Outcome

Short Term

npm removed the malicious code, but the incident exposed how easily maintainership of critical packages could be transferred through social engineering.

Long Term

The attack became the defining example of open-source supply chain risk and directly motivated npm's later security reforms, including mandatory two-factor authentication for high-impact package maintainers.

Why It's Relevant Today

The Axios attack follows the same fundamental pattern — compromising a single maintainer account to poison a widely-used package — but at dramatically larger scale. Event-stream had 2 million weekly downloads; Axios has 100 million.

3CX double supply chain attack (2023)

March 2023

What Happened

North Korea's Lazarus Group compromised the 3CX business phone desktop application, used by 600,000 companies including Toyota and McDonald's. Investigators discovered it was a 'double' supply chain attack: Lazarus had first compromised Trading Technologies' X_TRADER software, then used that access to reach 3CX's build systems.

Outcome

Short Term

3CX urged all 12 million daily users to uninstall the desktop app. Multiple security vendors issued emergency advisories.

Long Term

The attack demonstrated North Korean hackers' ability to chain supply chain compromises together, and it established Pyongyang as a peer-level threat in supply chain operations alongside Russia's intelligence services.

Why It's Relevant Today

The 3CX attack proved North Korean groups could execute sophisticated supply chain operations against major software. The Axios compromise shows UNC1069 applying that capability directly to the open-source ecosystem's most critical infrastructure: package registries.

SolarWinds Orion compromise (2020)

March-December 2020

What Happened

Russia's Foreign Intelligence Service (SVR) inserted a backdoor into SolarWinds' Orion network monitoring software update pipeline. Approximately 18,000 organizations installed the trojanized update, including the U.S. Treasury, Commerce Department, and Homeland Security. The compromise went undetected for nine months.

Outcome

Short Term

CISA issued an emergency directive to all federal agencies. SolarWinds' stock dropped 40% in the weeks following disclosure.

Long Term

SolarWinds reshaped how governments and enterprises evaluate software supply chain risk. It led to Executive Order 14028 on improving U.S. cybersecurity, which mandated software bills of materials (SBOMs) for federal contractors.

Why It's Relevant Today

SolarWinds demonstrated that compromising one point in the software supply chain can grant access to thousands of downstream targets. The Axios attack applies that same leverage to the open-source ecosystem, where a single popular package can reach millions of developers and their employers.
