Google links Axios npm supply chain attack to North Korea-linked APT UNC1069
2026-4-1 13:47:19 Author: securityaffairs.com


Google links the Axios npm supply chain attack to North Korean threat group UNC1069, targeting financial gain.

Google has attributed the recent Axios npm supply chain compromise to a North Korean threat group tracked as UNC1069. The attack, aimed at financial gain, exploited the package to target developers and organizations relying on Axios.

John Hultquist of Google Threat Intelligence confirmed the attribution, highlighting the group’s growing activity in supply chain attacks.

“GTIG attributes this activity to UNC1069, a financially motivated North Korea-nexus threat actor active since at least 2018, based on the use of WAVESHAPER.V2, an updated version of WAVESHAPER previously used by this threat actor. Further, analysis of infrastructure artifacts used in this attack shows overlaps with infrastructure used by UNC1069 in past activities.” reads the analysis by Google Threat Intelligence Group. “Analysis of the C2 infrastructure (sfrclak[.]com resolving to 142.11.206.73) revealed connections from a specific AstrillVPN node previously used by UNC1069. Additionally, adjacent infrastructure hosted on the same ASN has been historically linked to UNC1069 operations.”

Threat actors compromised the npm account of Axios, a widely used library with over 100M weekly downloads. They published malicious versions to spread remote access trojans across Linux, Windows, and macOS. Multiple security firms identified the supply chain attack after the rogue updates appeared in the npm registry.

Malicious versions of Axios (1.14.1 and 0.30.4) were published within an hour without OIDC verification or matching GitHub commits, raising immediate red flags. Researchers believe attackers compromised maintainer Jason Saayman’s npm account.

“Anyone who installed either version before the takedown should assume their system is compromised. The malicious versions inject a dependency (plain-crypto-js) that deploys a cross-platform remote access trojan targeting macOS, Windows, and Linux.” read the report published by Aikido Security.

The impact is unclear, but given Axios’ ~400M monthly downloads, many downstream projects may have been exposed during the brief attack window.

Socket researchers reported that a malicious package called plain-crypto-js was published and detected within minutes, likely as part of a coordinated attack targeting Axios. Attackers inserted this dependency into two compromised Axios versions, allowing malware to spread through a trusted library used by millions of projects. Because many developers rely on automatic updates, affected versions could be installed without notice.

The malicious code was designed to stay hidden. It used obfuscation techniques to avoid detection and ran automatically during installation through a post-install script. Once executed, it checked the operating system (Windows, macOS, or Linux) and downloaded a second-stage payload tailored to each platform. In the case of macOS, researchers confirmed the delivery of a fully functional remote access trojan (RAT) capable of collecting system information, communicating with a command-and-control server, and executing commands.

“Security researcher Joe Desimone from Elastic Security captured and reverse-engineered the macOS second-stage binary before the C2 went offline. The payload is a fully functional remote access trojan written in C++.” reads the report published by Socket.

To avoid being discovered, the malware removed its own traces after running. It deleted installation files and restored clean-looking package content, making the infected library appear normal. The experts believe the attack was possible due to the compromise of a maintainer account, enabling unauthorized publishing of malicious updates.
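The two install-time signals described above (a dependency the project never pinned before, and a lifecycle script that npm runs during installation) can be checked before `npm install` ever executes anything. The following is an added example, not tooling from axios, Aikido or Socket; the package names and the 1.14.1 version come from the article, while the other versions, the lockfile contents and the script command are constructed placeholders.

```python
"""Pre-install audit: compare freshly resolved manifests against the last trusted lockfile."""

INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def audit_tree(manifests: list, lockfile: dict) -> list:
    """Return findings for each manifest in the resolved tree.

    npm lockfile v2/v3 keys every installed package as "node_modules/<name>" and
    records the dependency names it had when the lock was committed."""
    locked = lockfile.get("packages", {})
    findings = []
    for m in manifests:
        name = m["name"]
        entry = locked.get(f"node_modules/{name}")
        if entry is None:
            findings.append(f"{name}: not present in the trusted lockfile")
        for hook in INSTALL_HOOKS:  # any of these runs arbitrary commands on install
            if hook in m.get("scripts", {}):
                findings.append(f"{name}: runs '{hook}' at install time -> {m['scripts'][hook]}")
        known = set((entry or {}).get("dependencies", {}))
        for dep in m.get("dependencies", {}):
            if dep not in known:
                findings.append(f"{name}: new dependency '{dep}' not in lockfile")
    return findings


# Constructed manifests mimicking the described chain: a trojanized axios release that
# pulls in plain-crypto-js, which in turn carries a postinstall hook (placeholder command).
AXIOS_1_14_1 = {
    "name": "axios", "version": "1.14.1",
    "dependencies": {"follow-redirects": "^1.15.6", "plain-crypto-js": "^1.0.0"},
}
PLAIN_CRYPTO_JS = {
    "name": "plain-crypto-js", "version": "1.0.0",
    "scripts": {"postinstall": "node install.js"},
}
TRUSTED_LOCK = {  # constructed: the lock as it stood before the rogue release
    "lockfileVersion": 3,
    "packages": {
        "node_modules/axios": {"version": "1.13.0", "dependencies": {"follow-redirects": "^1.15.6"}},
        "node_modules/follow-redirects": {"version": "1.15.6"},
    },
}

if __name__ == "__main__":
    # In CI, fail the build on any finding and install with `npm ci --ignore-scripts`.
    for finding in audit_tree([AXIOS_1_14_1, PLAIN_CRYPTO_JS], TRUSTED_LOCK):
        print("FLAG:", finding)
```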

Google’s Threat Intelligence Group (GTIG) and other researchers attribute the Axios npm supply chain attack to the North Korean threat actor UNC1069, which has been active since at least 2023. SentinelOne previously observed the group using macOS malware, including attacks on a cryptocurrency firm with fake Zoom campaigns. The malware used in the Axios attack mirrors WAVESHAPER, a strain tied to North Korean operations. Hultquist emphasized the group’s expertise in supply chain attacks and cryptocurrency theft.

WAVESHAPER.V2 is a versatile backdoor used by UNC1069, targeting macOS, Windows, and other environments with variants written in C++, PowerShell, or Python. It beacons to its C2 every 60 seconds with Base64-encoded JSON and a hardcoded User-Agent, then waits for commands. Capabilities include reconnaissance (system info, running processes), directory enumeration, script execution, and PE injection. On Windows, it persists via a hidden batch file and registry entry, acting as a full RAT with remote command execution and file system access.
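The beaconing behaviour described in this paragraph (a fixed 60-second interval, a constant User-Agent, Base64-encoded JSON bodies) is something egress proxy logs can be hunted for without knowing the C2 domain. The routine below is an added example, not GTIG's tooling; the log format, hostnames, User-Agent strings and payloads are constructed placeholders rather than indicators from the incident.

```python
"""Hunt for WAVESHAPER.V2-style beaconing in proxy logs: fixed interval, constant UA, Base64 JSON."""
import base64
import json
from collections import defaultdict
from datetime import datetime


def looks_like_b64_json(body: str) -> bool:
    """True if the request body Base64-decodes to a JSON object."""
    try:
        return isinstance(json.loads(base64.b64decode(body, validate=True)), dict)
    except ValueError:  # binascii.Error and JSONDecodeError both subclass ValueError
        return False


def find_beacons(log_text: str, period: float = 60.0, tolerance: float = 2.0,
                 min_hits: int = 3) -> list:
    """Group requests by (client, destination, User-Agent) and flag a session when every gap
    between consecutive requests is within `tolerance` seconds of `period` and every body
    looks like Base64 JSON.  Lines are tab-separated: time, client, host, User-Agent, body."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        ts, src, dst, ua, body = line.split("\t")
        sessions[(src, dst, ua)].append((datetime.fromisoformat(ts), body))
    alerts = []
    for (src, dst, ua), events in sessions.items():
        if len(events) < min_hits:
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        if all(abs(g - period) <= tolerance for g in gaps) and all(looks_like_b64_json(b) for _, b in events):
            alerts.append({"src": src, "dst": dst, "user_agent": ua,
                           "hits": len(events), "mean_gap": sum(gaps) / len(gaps)})
    return alerts


def _line(ts, src, dst, ua, payload):
    return "\t".join((ts, src, dst, ua, base64.b64encode(payload.encode()).decode()))

# Constructed telemetry: client .5 checks in every 60 s with a JSON body and a fixed
# User-Agent; client .6 browses irregularly and never sends JSON.
CHECKIN = json.dumps({"host": "build-01", "os": "darwin"})
SAMPLE_LOG = "\n".join([
    _line("2026-04-01T12:00:00", "10.0.0.5", "c2.example.invalid", "Agent/1.0", CHECKIN),
    _line("2026-04-01T12:01:00", "10.0.0.5", "c2.example.invalid", "Agent/1.0", CHECKIN),
    _line("2026-04-01T12:02:00", "10.0.0.5", "c2.example.invalid", "Agent/1.0", CHECKIN),
    _line("2026-04-01T12:00:07", "10.0.0.6", "cdn.example.invalid", "Mozilla/5.0 (X11)", "hello"),
    _line("2026-04-01T12:00:51", "10.0.0.6", "cdn.example.invalid", "Mozilla/5.0 (X11)", "hello"),
    _line("2026-04-01T12:03:20", "10.0.0.6", "cdn.example.invalid", "Mozilla/5.0 (X11)", "hello"),
])

if __name__ == "__main__":
    for alert in find_beacons(SAMPLE_LOG):
        print("BEACON:", alert)
```

Real implants often add jitter, so widen `tolerance` or switch to a variance threshold when tuning this against production logs.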

“North Korean hackers have deep experience with supply chain attacks, which they’ve historically used to steal cryptocurrency. The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will have far-reaching impacts,” Hultquist said.

“The impact of this attack by North Korea-nexus actors is broad and has ripple effects as other popular packages rely on axios as a dependency. Notably, UNC1069 isn’t the only threat actor that has launched successful open source supply chain attacks in recent weeks. UNC6780 (also known as TeamPCP) recently poisoned GitHub Actions and PyPI packages associated with projects like Trivy, Checkmarx, and LiteLLM to deploy the SANDCLOCK credential stealer and facilitate follow-on extortion operations,” concludes Google. “Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks. This could enable further software supply chain attacks, software as a service (SaaS) environment compromises (leading to downstream customer compromises), ransomware and extortion events, and cryptocurrency theft over the near term.”


Pierluigi Paganini


Source: https://securityaffairs.com/190256/security/google-links-axios-npm-supply-chain-attack-to-north-korea-linked-apt-unc1069.html