North Korean hackers compromised Axios npm package

By Kavitha Nair
AI-powered tech writer covering the business and industry of technology.

The Axios npm supply chain attack is one of the most sophisticated compromises of a top-tier open-source package to date: North Korean state hackers used pre-staged malware to target the millions of developers who install the library. On March 31, 2026, attackers took over the maintainer account for Axios, one of the ten most downloaded npm packages at 83 to 100 million weekly downloads, and published malicious versions within 39 minutes of gaining access. Google Threat Intelligence Group (GTIG) attributed the attack to UNC1069, a North Korean actor with deep experience in supply chain operations targeting cryptocurrency and critical infrastructure.

Key Takeaways

  • North Korean actor UNC1069 compromised the Axios maintainer account and published malicious versions 1.14.1 and 0.30.4 on March 31, 2026
  • A postinstall dropper fetched per-OS payloads that installed a remote access trojan (RAT) on Windows, macOS, and Linux, with built-in deletion of its own traces
  • Axios receives 83 to 100 million weekly downloads and is present in approximately 80% of cloud and code environments
  • Researchers at StepSecurity identified the malicious versions and they were pulled from npm within roughly three hours of publication
  • The attack demonstrates a scalable template for future compromises of high-impact open-source packages

How the Axios npm supply chain attack unfolded

The attack began when the hackers gained access to the Axios maintainer account belonging to user “jasonsaayman” and changed the account’s email address to lock out the legitimate owner and keep their own access. Within 39 minutes, malicious versions 1.14.1 (main branch) and 0.30.4 (legacy branch) were published to npm. The attacker published with a long-lived classic npm access token, which bypasses the protections built into the project’s GitHub Actions CI/CD pipeline entirely: a token that publishes straight to the registry never passes through the repository’s checks. What made the attack particularly dangerous was its precision. The malicious dependency “[email protected]” was wired in through a postinstall hook in package.json, so npm executed the dropper automatically on any machine that installed the compromised versions with install scripts enabled, which is the default.

The malware itself, tracked as “SILKBELL,” was an obfuscated JavaScript dropper named “setup.js” that fetched an operating-system-specific payload from a remote command-and-control server. This cross-platform approach is unusual for supply chain attacks: the attackers had pre-built three separate payloads for Windows, macOS, and Linux, which points to careful planning rather than opportunistic exploitation. Each payload installed a fully functional remote access trojan that gave the operator control of the host, with built-in routines to erase its own forensic traces.

Why this attack matters for the broader security landscape

Axios is not a niche library. With 83 to 100 million weekly downloads and a presence in roughly 80% of cloud and code environments, the potential blast radius is enormous. Google’s John Hultquist, chief analyst at GTIG, stated: “The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will have far reaching impacts.” Security firm Wiz detected the malicious package in approximately 3% of scanned environments, though the true number of affected systems remains unclear, since the malicious versions circulated for roughly three hours before detection. Any install that resolved to the new versions during that window, whether a fresh install without a lockfile or a caret range that floated up to 1.14.1 or 0.30.4, potentially received the remote access trojan; projects pinned to an earlier version by a lockfile would not have picked it up.

What distinguishes this attack from typical supply chain incidents is its level of operational sophistication. According to ReversingLabs Chief Software Architect Tomislav Peričin: “The level of operational sophistication documented here, including compromised maintainer credentials, pre-staged payloads built for three operating systems, both release branches hit in under 40 minutes, and built-in forensic self-destruction, reflects a threat actor that planned this as a scalable operation.” The attacker had staged the malicious dependency 18 hours in advance, the kind of reconnaissance and preparation typical of state-level operations rather than individual threat actors.

Attribution to North Korean actor UNC1069

Google Threat Intelligence Group linked the attack to UNC1069, a North Korean threat actor with a documented history of supply chain attacks against cryptocurrency exchanges and blockchain infrastructure. The attribution rests on multiple technical indicators, including code overlap between the macOS payload and WAVESHAPER, a C++ backdoor that Mandiant had previously tracked and associated with UNC1069. North Korean state hackers have consistently used supply chain compromises as a vector for cryptocurrency theft, which makes Axios, a library used across fintech, blockchain, and cryptocurrency platforms, a high-value target.

This attribution carries significant geopolitical implications. Supply chain attacks are an asymmetric capability favored by state actors because a single compromise reaches thousands of downstream targets at once. UNC1069’s demonstrated ability to compromise a top-ten npm package suggests that other high-impact open-source projects face the same risk, and that the actor has both the technical capability and the operational planning to repeat the attack across the ecosystem.

Immediate detection and response

StepSecurity identified the malicious versions within approximately three hours of publication, and npm removed them from the registry, but by then the exposure window had already opened. Aikido Security advised developers to assume compromise if they had installed the affected versions during that window. The rapid detection prevented a far worse outcome: had the malware gone unnoticed for days or weeks, the number of affected systems would have grown many times over.

For developers and organizations, the incident exposed a weakness in npm’s security model: a maintainer account holding a long-lived classic access token can publish directly to the registry, bypassing any protections tied to the project’s CI/CD pipeline. Dependency scanners that match on known-bad versions cannot flag a release before it is known to be bad, so even organizations with scanning in place may have installed the malicious versions during the three-hour window. The gap between detection speed and attack speed is the defining problem of the modern software supply chain.

Is the Axios npm supply chain attack a one-time event or a template?

Security experts view this attack as a template rather than an isolated incident. The operational sophistication—pre-staged payloads, rapid dual-branch deployment, forensic self-destruction—suggests UNC1069 has developed a repeatable playbook for compromising high-impact packages. If other maintainer accounts can be compromised with similar ease, the npm ecosystem faces an ongoing threat from state-level actors seeking to deploy malware at scale.

What should developers do after the Axios npm supply chain attack?

Developers who installed Axios versions 1.14.1 or 0.30.4 between March 31 and April 1, 2026 should assume the installing machine is compromised and act accordingly: move to an unaffected version and pin it in the lockfile, scan the host for the remote access trojan, rotate every credential that machine could reach (npm and GitHub tokens, cloud keys, SSH keys), and review network logs for connections to unknown command-and-control servers. Organizations should also audit their npm dependency trees, including transitive dependencies, to find every copy of Axios that was installed, since a nested copy pulled in by another package is just as dangerous as a direct dependency.

How does this attack compare to other npm supply chain incidents?

The Axios attack differs from previous npm compromises in its sophistication and attribution to a state actor. Earlier npm attacks often involved account takeovers by individual threat actors seeking to inject cryptominers or info-stealers; the Axios attack deployed a full remote access trojan with cross-platform support and forensic self-destruction. The involvement of UNC1069 also signals that state-level actors now view npm as a strategic target for supply chain operations, elevating the risk profile for the entire ecosystem.

The Axios npm supply chain attack exposed a fundamental tension in open-source security: packages with the highest impact and widest adoption are often maintained by small teams with limited resources to defend against state-level threats. Until npm and the broader ecosystem implement stronger authentication mechanisms, maintainer account verification, and faster malware detection pipelines, high-impact packages will remain attractive targets for sophisticated threat actors. The three-hour detection window was fortunate; next time, the window may be wider.

This article was written with AI assistance and editorially reviewed.

Source: TechRadar
