
GOOGLE has attributed the recent compromise of the Axios npm package to a North Korean threat group tracked as UNC1069. The attack inserted malicious versions of a library that records over 100 million weekly downloads, exposing a broad base of developers to a cross‑platform remote access trojan. The move marks one of the first public attributions of a supply‑chain intrusion to a state‑linked actor motivated by financial gain.
The rogue releases, labelled 1.14.1 and 0.30.4, contained a phantom dependency called plain‑crypto‑js that executed a postinstall script to drop a payload dubbed WAVESHAPER.V2. This payload adapts to the host OS, using PowerShell on Windows, a compiled Mach‑O binary on macOS and a Python‑based backdoor on Linux. No CVE identifier has been assigned, because the issue stems from deliberately inserted malicious code rather than a traditional vulnerability in the library.
Attackers gained control of the npm account belonging to the primary maintainer @jasonsaayman by abusing a long‑lived access token, which allowed them to publish directly via the npm CLI and sidestep the repository’s GitHub Actions OIDC workflow. They had previously published the benign‑looking plain‑crypto‑js package some eighteen hours earlier to establish a publishing history, then pushed the trojanised Axios versions shortly after midnight on 31 March 2026. The malicious packages remained live for about three hours, during which roughly three per cent of Axios users downloaded them before they were removed.
UNC1069 has been observed by Google Threat Intelligence Group since at least 2018, with its infrastructure tied to the WAVESHAPER.V2 framework used in this intrusion. Although the group is linked to the North Korean government, analysts describe its recent operations as financially motivated, focusing on monetising access through theft of credentials and potential follow‑on extortion. The actor’s toolbox includes social engineering, token theft and the use of legitimate‑looking npm packages to evade detection.
Organisations using Axios should immediately audit their lockfiles and delete any instances of versions 1.14.1 or 0.30.4, while also removing the plain‑crypto‑js dependency from their projects. Maintainers are urged to rotate all npm tokens, enforce two‑factor authentication on accounts and review any unexpected postinstall scripts in their dependencies. Defenders can consult the mitigation guidance published on the Microsoft Security Blog and leverage the Indicators of Compromise shared in SOCRadar’s Axios npm Hijack 2026 guide to hunt for malicious activity on endpoints.
The incident highlights the persistent risk posed by supply‑chain attacks that exploit trusted maintainer credentials, prompting a rethink of how provenance and account security are handled in open‑source ecosystems. It also underscores the need for continuous monitoring of postinstall hooks and for developers to treat even widely used libraries as potential attack vectors. By sharing attribution and technical details publicly, Google and its peers aim to equip the defence community with the knowledge required to detect and thwart similar campaigns in the future.