North Korean UNC1069 Compromises Axios npm Package in Supply Chain Attack
Summary
Google attributed the supply chain compromise of the widely used Axios npm package to the North Korean threat actor UNC1069. Malicious versions of the package delivered a cross-platform trojan targeting Windows, macOS, and Linux systems. The attack demonstrates continued North Korean focus on software supply chain infiltration for financial gain.
Threat Analysis
Google's Threat Intelligence Group attributed the supply chain compromise of the Axios npm package to UNC1069, a financially motivated North Korean threat actor. Axios is one of the most popular JavaScript HTTP client libraries, with hundreds of millions of weekly downloads, making this supply chain attack particularly impactful.

Malicious versions of the package were published to the npm registry and delivered a cross-platform trojan capable of targeting Windows, macOS, and Linux systems. The trojan is designed to steal credentials, cryptocurrency wallets, and sensitive data. This attack follows a pattern of North Korean threat actors targeting software supply chains to maximize the reach of their malware campaigns.

Organizations should audit their npm dependencies for malicious Axios versions, scan development environments for indicators of compromise, implement software composition analysis (SCA) tools, and verify package integrity using checksums before deployment.