Google Links Axios npm Supply Chain Hack to Suspected North Korean Group
Google threat researchers say a suspected North Korean hacking group tracked as UNC1069 briefly compromised the widely used Axios JavaScript library on npm, turning it into a vehicle for credential-stealing malware targeting Windows, macOS and Linux. Earlier this week, attackers gained access to a maintainer's GitHub account and published at least two malicious Axios versions, which were downloaded before being removed about three hours later. Cloud-security firm Wiz estimates that Axios is pulled roughly 100 million times a week and is present in about 80% of cloud and code environments; the firm has already detected the tainted versions in roughly 3% of the environments it scanned. Although the malicious packages have been taken down, researchers warn the incident could have far-reaching impacts because compromised code can persist deep in downstream software supply chains. Google also stressed that this operation is separate from another major npm supply-chain attack disclosed last week, underscoring the growing tempo and sophistication of software-dependency compromises with clear implications for U.S. companies and infrastructure.