Google attributes the supply chain attack on open-source HTTP client Axios to a suspected North Korean threat actor it tracks as UNC1069
A suspected North Korean hacker has hijacked and modified a popular open source software development tool to deliver malware that could put millions of developers at risk of being compromised.
TechCrunch Lorenzo Franceschi-Bicchierai
Related Coverage
- Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT Snyk · Liran Tal
- North Korean hackers suspected in major software supply chain attack The Sun Malaysia
- North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project DevOps.com · Jeff Burt
- North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack Google Cloud Blog
- Hackers linked to Pyongyang planted malicious code in Axios update, Google says Korea Joongang Daily · Jung Si-Nae
- North Korea hackers suspected of attack on widely used software tool The Japan Times
- North Korean hackers bug software used by thousands of US companies in potential crypto heist attempt KTVZ · Sean Lyngaas
- North Korea-linked hack hits largely invisible software that powers online services Reuters
- Google links axios supply chain attack to North Korean group The Record · Jonathan Greig
- A supply chain attack compromised HTTP client Axios, which has 100M weekly npm downloads, introducing a malicious dependency into specific npm releases Socket
- North Korean Hackers Linked To Major Security Breach In Suspected Crypto Theft Attempt Benzinga · Aniket Verma
- North Korean Hackers Compromise Popular Axios Package to Infect Windows, macOS, and Linux Cyber Security News · Tushar Subhra Dutta
- Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads Trend Micro
- Hackers compromise Axios npm package to drop cross-platform malware BleepingComputer · Bill Toulas
- North Korean hackers bug software used by thousands of US companies in potential crypto heist attempt CNN · Sean Lyngaas
- Google Says North Korea Was Behind the Axios npm Supply Chain Attack Security Boulevard · Rebecca Kappel
- Web-code library with millions of weekly downloads poisoned by malicious release: ‘This is unironically a malware nuclear missile’ PC Gamer · Jacob Fox
- N. Korean hackers were behind malicious versions of Axios Metacurity · Cynthia B Brumfield
- North Korean hackers linked to Axios npm supply chain compromise Help Net Security · Zeljka Zorz
- axios Compromised on npm - Malicious Versions Drop Remote Access Trojan Step Security Blog · Ashish Kurmi
- ‘Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks’: Google says North Korean hackers behind major attack on Axios TechRadar · Sead Fadilpašić
- Backdooring of JavaScript Library Axios Tied to North Korea BankInfoSecurity.com · Mathew J. Schwartz
Discussion
-
@emily.news
Emily
on bluesky
they got hacked by an unc?? [embedded post]
-
@seldo.com
Laurie Voss
on bluesky
I don't really know what we as an industry are supposed to do about North Korea. No individual developer and few corporations have the resources to fend off a determined nation state attacker, but that's what we've got, permanently, all of us. [embedded post]
-
@lorenzofb
Lorenzo Franceschi-Bicchierai
on bluesky
NEW: Someone hijacked an open-source software development tool to push malware to millions of people. — The supply chain attack was stopped in less than three hours, but it's still unclear how many people got hacked. — techcrunch.com/2026/03/31/h...
-
@zackwhittaker@mastodon.social
Zack Whittaker
on mastodon
Google is now linked the hack and hijack of the popular Axios npm open-source project to North Korea (UNC1069), which is known for stealing cryptocurrency. — Axios is downloaded tens of millions of times weekly, so this hack is likely widespread. — Our updated story: https://…
-
@johnhultquist
John Hultquist
on x
We are still looking at the axios supply chain compromise, but we've attributed it to UNC1069, a suspected DPRK actor, who we covered in a blog this February. They are financially-motivated and historically DPRK uses these incidents to target crypto. https://cloud.google.com/...
-
@johnhultquist
John Hultquist
on x
Our blog on the Axios NPM supply chain attacks. We are attributing the incident to a suspected North Korean threat actor we track as UNC1069. That actor is financially motivated and DPRK historically leveraged supply chain attacks to target crypto. https://cloud.google.com/...