Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google’s Threat Intelligence Group (GTIG) attributed the supply chain compromise of the Axios npm package to a North Korean threat group tracked as UNC1069. The attack was identified as financially motivated, with Google confirming the attribution through a statement from chief analyst John Hultquist. No specific technical details, such as attack vectors, affected package versions, or exploitation timelines, were disclosed in the report. The incident involves a supply chain attack targeting the widely used Axios JavaScript library distributed via npm. The threat actor’s designation, UNC1069, aligns with Google’s internal tracking of North Korean cyber activity.