An npm supply chain attack orchestrated by North Korean threat actors compromised the Axios HTTP client package, one of the most downloaded JavaScript libraries in the world, exposing thousands of companies to malware and data theft. The attack, which unfolded over weeks through an elaborate social engineering scheme using Microsoft Teams and Slack, demonstrates how nation-state actors are targeting open-source maintainers with unprecedented sophistication.
Key Takeaways
- North Korean actors compromised Axios lead maintainer Jason Saayman’s account via fake Slack workspace and Teams SDK update ploy.
- Malicious Axios versions 1.14.1 and 0.30.4 were published to npm registry, enabling cross-platform supply chain malware deployment.
- Attack lasted weeks and involved cloned company branding, fake employee profiles, and realistic staged activity in a counterfeit Slack workspace.
- Axios is downloaded millions of times weekly and used by thousands of companies for server-web application data exchanges.
- Google Threat Intelligence Group linked the campaign to UNC1069, a North Korean threat actor group previously targeting cryptocurrency firms.
How the npm supply chain attack unfolded
The attack began with meticulous preparation. Hackers cloned the branding and founders’ likenesses of a legitimate company, then created a convincing fake Slack workspace branded to match the company’s corporate identity. Jason Saayman, the lead maintainer of Axios, received an invitation to this workspace. Inside, attackers populated realistic channels with LinkedIn posts linking to the real company account, created fake employee profiles, and even added profiles of other open-source maintainers to increase authenticity.
After weeks of building trust through this fictional environment, the attackers deployed the second phase: a ClickFix-style attack. Saayman received a fake error message prompting him to troubleshoot, which directed him to install what appeared to be a Microsoft Teams SDK update. This update was actually malware that hijacked his Windows PC’s registry and deployed a trojan. Once his maintainer account was compromised, the attackers had direct access to publish malicious code to the npm registry.
The precision of this operation cannot be overstated. Attackers did not spray phishing emails hoping someone would click—they identified a specific target, studied his ecosystem, and crafted a months-long narrative designed to lower his guard. As Saayman himself reflected, this was not opportunistic. It was precision.
The npm supply chain attack’s impact on millions of users
Axios is not a niche tool. The HTTP client is downloaded millions of times weekly and serves as a critical dependency for thousands of companies worldwide, enabling data exchanges between servers and web applications. When malicious versions 1.14.1 and 0.30.4 were published to the npm registry, the blast radius was enormous.
A supply chain attack at this scale is particularly dangerous because most developers do not scrutinize every dependency update. Automated build systems pull the latest versions, and unless developers pin specific version numbers, their applications could pull poisoned code without human review. The malware deployed through Axios could steal data for future attacks and facilitate cryptocurrency theft, according to threat intelligence analysis.
This attack mirrors earlier North Korean campaigns targeting cryptocurrency firms, where similar social engineering tactics and fake Teams updates were used. The pattern suggests a deliberate playbook: identify high-value targets in the open-source ecosystem, build months-long trust relationships through fabricated collaboration channels, then weaponize access to infrastructure that millions of users depend on.
Attribution to North Korean threat actors
Google Threat Intelligence Group attributed the campaign to UNC1069, a North Korean threat actor group, based on tactical similarities to prior campaigns targeting cryptocurrency firms and the sophistication of the social engineering approach. The attack was reported by Google GTIG the day after the breach was discovered.
What distinguishes this attack from typical cybercriminal activity is the patience and resources required. Weeks of maintaining a fake company, creating realistic Slack channels, and crafting employee profiles suggest state-level coordination and funding. North Korean threat actors have long targeted cryptocurrency and financial infrastructure; pivoting to open-source software supply chains represents an evolution in their tactics, offering access to far broader victim networks than targeting individual crypto wallets.
Why open-source maintainers remain vulnerable
Open-source maintainers operate in a unique position: they often work unpaid, manage critical infrastructure that millions depend on, and typically lack the security resources of large corporations. A single compromised maintainer account can poison an entire ecosystem. Social engineering exploits this reality by targeting humans rather than systems—and humans are far easier to trick when the attacker invests weeks in building credibility.
The fake Slack workspace tactic is particularly effective because collaboration is the norm in open-source development. Maintainers expect to be invited to new projects, asked for code reviews, and brought into working groups. An attacker who mimics these normal workflows can operate in plain sight for weeks before deploying malware.
Is the npm supply chain attack a warning for all package managers?
The Axios compromise is not an isolated incident—similar attacks have targeted other maintainers using the same fake Teams update approach. This suggests attackers are systematically probing the open-source ecosystem for high-value targets. Any popular package manager (npm, PyPI, RubyGems, Maven) could be vulnerable to the same social engineering tactics, since the attack vector is human psychology, not software vulnerabilities.
How can developers protect themselves from npm supply chain attacks?
Developers can reduce risk by pinning specific dependency versions in their lock files, reviewing changelog entries before updating packages, and monitoring for suspicious version releases. Organizations should also implement software composition analysis tools to detect anomalies in package updates and consider restricting npm package updates to vetted release windows where changes can be reviewed before deployment.
What makes this npm supply chain attack different from previous open-source hacks?
Most open-source compromises result from credential theft, account takeover via weak passwords, or unpatched vulnerabilities. This attack required weeks of social engineering, fabricated company infrastructure, and nation-state resources. It demonstrates that sophisticated actors now view the open-source supply chain as a high-value target worth investing in long-term operations to compromise.
The Axios attack exposes a fundamental asymmetry in open-source security: maintainers are often individuals or small teams operating with minimal security budgets, while attackers can be state-sponsored organizations with unlimited resources. Until the open-source community develops stronger defenses—including mandatory security training, two-factor authentication enforcement, and better tools for detecting anomalous package releases—similar attacks will likely continue. The precision displayed in this campaign should serve as a wake-up call that nation-states have moved beyond targeting individual cryptocurrency wallets. They are now systematically compromising the software supply chain itself.
This article was written with AI assistance and editorially reviewed.
Source: Windows Central
