
North Korean Threat Actors Compromise Axios npm Package Through Social Engineering
Cybersecurity, Social Engineering, Supply Chain, North Korea, Axios, npm, UNC1069, HTTP Client, Compromise
The maintainer of the Axios npm package confirmed a supply chain compromise resulting from a targeted social engineering campaign by North Korean threat actors identified as UNC1069. Attackers tailored their approach specifically to the maintainer, Jason Saayman, by impersonating the founder of an unspecified entity to gain trust. The incident represents a deliberate attack on the npm ecosystem, though no specific technical details, dates, or CVE IDs were disclosed. The impact involves the compromise of the Axios package, a widely used HTTP client library, potentially affecting downstream projects that depend on it. No further details on the attack vector or payload were provided in the available content.