Financially-motivated North Korean threat actors (UNC1069) compromised a maintainer's npm account to publish two backdoored Axios packages. The malicious versions introduced a hidden dependency with a post-install script that executed automatically upon installation, enabling a software supply chain attack. The article does not specify the affected or fixed version numbers, nor does it provide a CVSS score or a recommended workaround.
The software supply chain attack that resulted in the compromise of npm packages of Axios, an extremely popular HTTP client library, is believed to be the work of financially-motivated North Korean attackers. Links to UNC1069 On March 31, 2026, unknown attackers managed to publish two backdoored Axios npm packages after gaining access to a maintainer’s npm account. The malicious versions introduced a hidden dependency containing a post-install script, and this script executed automatically during installation … More → The post North Korean hackers linked to Axios npm supply chain compromise appeared first on Help Net Security .