Google Attributes Axios Library Supply Chain Compromise to North Korean Threat Actor

The Google Threat Intelligence Group (GTIG) attributed the recent supply chain compromise of the Axios library distributed via NPM to a North Korean threat actor tracked as UNC1069. The incident involves malicious activity targeting the software supply chain, though no specific technical details, dates, or CVE IDs were provided. The attribution is based on GTIG’s analysis linking the attack to the identified adversary. The compromise affects the Axios library, a widely used HTTP client for JavaScript. No further impacts or victim details were disclosed in the report.