
North Korean Hackers Compromise Axios npm Package in Supply Chain Attack
On March 31, 2026, financially motivated North Korean hackers were linked to a supply chain attack targeting Axios, a widely used HTTP client library, via compromised npm packages. Attackers gained access to a maintainer's npm account and published two backdoored versions of Axios, embedding a hidden dependency with a post-install script that executed automatically during installation. The threat actor group UNC1069 was identified in connection with the compromise. The malicious packages introduced a covert mechanism to deploy the backdoor without explicit user interaction. No specific CVE IDs or further technical indicators were disclosed in the report.
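Because the backdoor rode in on a hidden dependency whose post-install script runs during installation, one practical check is to diff lockfile snapshots for packages that newly declare an install-time script. The sketch below is an added example, not code from the report or from the Axios project; it relies on the `hasInstallScript` field that npm writes to `package-lock.json` (lockfileVersion 2 or 3), and every package name and version in it is a constructed placeholder.

```javascript
// Added example: flag dependencies that newly gain an install-time script
// between two package-lock.json snapshots (lockfileVersion 2 or 3).
// All package names and versions below are constructed placeholders.

function installScriptPackages(lock) {
  // npm records `hasInstallScript: true` on lockfile entries whose
  // package.json declares preinstall, install or postinstall.
  const found = new Map();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== "" && meta.hasInstallScript === true) {
      found.set(path, meta.version);
    }
  }
  return found;
}

function newInstallScriptDeps(oldLock, newLock) {
  const before = installScriptPackages(oldLock);
  const oldPkgs = oldLock.packages || {};
  const findings = [];
  for (const [path, version] of installScriptPackages(newLock)) {
    if (before.get(path) === version) continue; // unchanged, already reviewed
    findings.push({
      path,
      version,
      reason: path in oldPkgs ? "version changed or script added" : "new dependency",
    });
  }
  return findings.sort((a, b) => a.path.localeCompare(b.path));
}

// Constructed lockfile snapshots: a routine bump of a direct dependency
// pulls in a transitive package that runs code at install time.
const lockBefore = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/http-client-example": { version: "1.0.0" },
  "node_modules/native-addon-example": { version: "2.1.0", hasInstallScript: true },
}};
const lockAfter = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/http-client-example": { version: "1.0.1" },
  "node_modules/hidden-dep-example": { version: "0.0.1", hasInstallScript: true },
  "node_modules/native-addon-example": { version: "2.1.0", hasInstallScript: true },
}};

console.log(newInstallScriptDeps(lockBefore, lockAfter));
```

Run in CI against the lockfile from the base branch and the one in the pull request, and fail the build on any finding until it is reviewed. Installing with `npm ci --ignore-scripts` additionally keeps lifecycle scripts from executing at all.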