A Three-Hour Window That Shook the JavaScript Ecosystem
On March 31, 2026, between 00:21 and 03:20 UTC, an attacker injected a malicious dependency called "plain-crypto-js" into two releases of the Axios NPM package - versions 1.14.1 and 0.30.4. Axios is the most widely used JavaScript HTTP client library, and the two affected versions account for over 100 million and 83 million weekly downloads, respectively. [1: Google Threat Intelligence Group, "North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack"]
The window of exposure was narrow - roughly three hours - but the blast radius was enormous. Axios is deeply embedded across enterprise applications and CI/CD pipelines, meaning organizations that never directly installed the package may have pulled the compromised code through downstream dependencies.
Google Threat Intelligence Group (GTIG) attributed the attack to UNC1069, a financially motivated North Korea-nexus threat actor active since at least 2018. [1: GTIG] Microsoft Threat Intelligence independently confirmed the attribution, tracking the same actor as Sapphire Sleet. [2: Cybernews, "Axios npm supply chain attack started on Slack"]
How the Attack Worked
The compromise began with social engineering. According to Axios maintainer Jason Saayman, attackers posing as the founder of a known company contacted him via Slack roughly two weeks before the attack, building rapport before eventually gaining access to his NPM account. [2: Cybernews]
Once inside, the attacker changed the account's associated email to an attacker-controlled Proton Mail address and published the poisoned versions. The malicious "plain-crypto-js" dependency used NPM's postinstall hook - a legitimate feature that automatically runs scripts after package installation - to silently execute an obfuscated JavaScript dropper called SILKBELL. [1: GTIG]
SILKBELL detects the target operating system and downloads platform-specific payloads:
- Windows: A PowerShell script executed via a renamed copy of powershell.exe to evade detection.
- macOS: A native Mach-O binary dropped to a system cache directory.
- Linux: A Python backdoor saved to /tmp.
All three paths ultimately deploy WAVESHAPER.V2, a C++ backdoor that beacons to its command-and-control server over port 8000 at 60-second intervals using Base64-encoded JSON. [1: GTIG] The backdoor supports system reconnaissance, directory enumeration, arbitrary script execution, and in-memory PE injection. After deployment, the dropper attempts to delete itself and revert the modified package.json to a clean backup - a deliberate anti-forensic measure.
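The fixed 60-second beacon interval described above is the kind of behaviour a network-monitoring team can hunt for. The following Node.js script is an added example, not code from the article or from GTIG: it parses constructed connection-log lines, groups outbound connections by source host, destination and port, and flags groups whose inter-connection gaps cluster around a configurable period (60 seconds to port 8000 here, matching the article's description). The log format, host names, IP addresses and timestamps are all constructed for the example; a real deployment would feed it firewall or NetFlow records and would also match the article's published indicators directly.

```javascript
// Added example (not from the article or GTIG): periodic-beacon detector over
// constructed connection-log lines. Each line is
// "<epoch seconds> <source host> <destination IP> <destination port>".

const SAMPLE_LOG = [
  // Constructed: a build host contacting one address on port 8000 about every 60 s.
  "1774915260 build-01 203.0.113.10 8000",
  "1774915320 build-01 203.0.113.10 8000",
  "1774915381 build-01 203.0.113.10 8000",
  "1774915439 build-01 203.0.113.10 8000",
  "1774915500 build-01 203.0.113.10 8000",
  "1774915560 build-01 203.0.113.10 8000",
  // Constructed: ordinary bursty HTTPS traffic from another host, not periodic.
  "1774915265 dev-02 203.0.113.20 443",
  "1774915270 dev-02 203.0.113.20 443",
  "1774915660 dev-02 203.0.113.20 443",
  "1774915662 dev-02 203.0.113.20 443",
  "1774916160 dev-02 203.0.113.20 443",
  // Constructed: too few connections to judge either way.
  "1774915300 build-01 198.51.100.5 443",
  "1774915900 build-01 198.51.100.5 443",
];

// Parse one log line into a record; timestamps and ports become numbers.
function parseLine(line) {
  const [ts, src, dst, dport] = line.trim().split(/\s+/);
  return { ts: Number(ts), src, dst, dport: Number(dport) };
}

// Flag (src, dst, dport) groups whose gaps between consecutive connections
// fall within `tolerance` seconds of `period` for at least `minRatio` of
// the gaps. `minCount` avoids judging groups with too little data.
function findBeacons(lines, opts = {}) {
  const { period = 60, tolerance = 5, minCount = 4, minRatio = 0.8 } = opts;
  const groups = new Map();
  for (const line of lines) {
    const rec = parseLine(line);
    const key = `${rec.src}|${rec.dst}|${rec.dport}`;
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(rec.ts);
  }

  const findings = [];
  for (const [key, times] of groups) {
    if (times.length < minCount) continue;
    times.sort((a, b) => a - b);
    const gaps = [];
    for (let i = 1; i < times.length; i++) gaps.push(times[i] - times[i - 1]);
    const periodic = gaps.filter((g) => Math.abs(g - period) <= tolerance).length;
    const ratio = periodic / gaps.length;
    if (ratio >= minRatio) {
      const [src, dst, dport] = key.split("|");
      findings.push({
        src,
        dst,
        dport: Number(dport),
        connections: times.length,
        periodicRatio: ratio,
      });
    }
  }
  return findings;
}

// Human-readable summary for an analyst queue.
function describe(finding) {
  return (
    `${finding.src} -> ${finding.dst}:${finding.dport} ` +
    `(${finding.connections} connections, ${Math.round(finding.periodicRatio * 100)}% periodic)`
  );
}

for (const f of findBeacons(SAMPLE_LOG)) {
  console.log("possible beacon:", describe(f));
}
```

The tolerance and ratio thresholds are the knobs to tune: a backdoor with deliberate jitter needs a wider tolerance, while busy hosts need a higher `minCount` to keep the false-positive rate down. Pairing this timing check with the destination indicators the article lists gives a much stronger signal than either alone.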
A Pattern, Not an Isolated Incident
The Axios compromise does not exist in isolation. GTIG noted that UNC6780 (also known as TeamPCP) recently poisoned GitHub Actions and PyPI packages associated with projects like Trivy, Checkmarx, and LiteLLM to deploy the SANDCLOCK credential stealer. [1: GTIG] A separate North Korea-aligned campaign has been observed exploiting web application vulnerabilities to pillage AWS tenants belonging to cryptocurrency companies. [3: The Hacker News, "Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More"]
"The build pipeline is becoming the new front line," said Avital Harel, a security researcher at Upwind. "Attackers know that if they can compromise the systems that build and distribute software, they can inherit trust at scale." [3: The Hacker News]
The cumulative effect is alarming. GTIG warned that hundreds of thousands of stolen secrets could now be circulating as a result of recent open-source supply chain attacks, potentially enabling ransomware events, SaaS environment compromises, and cryptocurrency theft. [1: GTIG]
Standardization Efforts: Closing the Trust Gap
While incident response teams scramble to contain the immediate damage, parallel efforts are underway to address the systemic weaknesses that supply chain attacks exploit.
FIDO Alliance and OT Connectivity. The FIDO Alliance published guidance on integrating its authentication standards into Operational Technology (OT) environments, aligning with new secure connectivity principles co-authored by the UK's NCSC and agencies from seven countries. The approach emphasizes phishing-resistant passkeys for human operators, FIDO Device Onboard (FDO) for cryptographic device attestation, and a new concept called Bare Metal Onboarding (BMO) that extends trust verification to the entire software stack - operating system, applications, configuration, and credentials. [4: FIDO Alliance, "Integrating FIDO Standards into Secure OT Connectivity"] The relevance to supply chain security is direct: BMO ensures that a device can be wiped and reinstalled to a cryptographically validated known-good state if compromise is suspected, reducing the persistence opportunities that backdoors like WAVESHAPER.V2 rely on. [4: FIDO Alliance]
Cloud Security Alliance and SaaS Configuration. The CSA's SaaS Security Configuration Framework (SSCF), now updated to version 1.0.1, targets a different link in the chain: the enterprise customer's responsibility in securing SaaS configurations. The framework provides standardized controls for onboarding and maintaining SaaS tenants, with upcoming implementation and self-auditing guidelines. [5: Cloud Security Alliance, "Standardizing the SaaS Ecosystem: The Case for SSCF Adoption"] Given that stolen secrets from supply chain attacks can cascade into SaaS environment compromises, frameworks like the SSCF represent a necessary layer of defense at the application boundary.
What Defenders Should Do Now
GTIG's remediation guidance is specific and actionable [1: GTIG]:
- Do not upgrade to Axios versions 1.14.1 or 0.30.4. Pin to 1.14.0 or earlier.
- Audit lockfiles for the plain-crypto-js package (versions 4.2.0 or 4.2.1).
- Block all traffic to sfrclak[.]com and IP 142.11.206.73.
- Assume compromise if the malicious dependency is detected. Rotate all credentials and secrets on affected machines.
- Clear NPM, Yarn, and pnpm caches on all workstations and build servers.
- Pause CI/CD deployments for any package relying on Axios until builds are validated against pinned, safe versions.
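The lockfile audit in the list above, and the postinstall mechanism described earlier, can be checked with a few lines of Node.js. The script below is an added example, not code from the article, GTIG or the Axios project: it walks the `packages` map of an npm lockfile (lockfile version 2 or 3), flags the Axios and plain-crypto-js versions the article names, flags any other plain-crypto-js version for review, and separately lists every dependency whose lockfile entry carries npm's `hasInstallScript` marker, since that is the hook the dropper used. The sample lockfile, its project name and the helper package names are constructed; the flagged package names and versions are the ones from the article.

```javascript
// Added example (not from the article, GTIG or the Axios project): audit an
// npm lockfile for the indicators the article names and for packages that
// declare install-time lifecycle scripts.

// Versions the article identifies as compromised (axios) and malicious
// (plain-crypto-js).
const BAD_VERSIONS = {
  axios: new Set(["1.14.1", "0.30.4"]),
  "plain-crypto-js": new Set(["4.2.0", "4.2.1"]),
};

// Constructed sample lockfile in the v3 "packages" shape. The "" key is the
// root project; every other key is a node_modules path.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { axios: "^1.14.0" } },
    "node_modules/axios": {
      version: "1.14.1",
      dependencies: { "plain-crypto-js": "^4.2.0" },
    },
    "node_modules/plain-crypto-js": { version: "4.2.1", hasInstallScript: true },
    "node_modules/some-helper": { version: "2.0.0" },
    "node_modules/native-addon-example": { version: "1.3.0", hasInstallScript: true },
  },
};

// "node_modules/foo/node_modules/@scope/bar" -> "@scope/bar"
function packageName(lockKey) {
  const marker = "node_modules/";
  const idx = lockKey.lastIndexOf(marker);
  return idx === -1 ? lockKey : lockKey.slice(idx + marker.length);
}

// Returns an array of findings, each {severity, path, name, version, reason}.
function auditLockfile(lock) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === "") continue; // root project entry, not a dependency
    const name = packageName(key);
    const version = entry.version;
    const base = { path: key, name, version };

    if (BAD_VERSIONS[name] && BAD_VERSIONS[name].has(version)) {
      findings.push({ severity: "critical", ...base, reason: "version named in the Axios compromise" });
    } else if (name === "plain-crypto-js") {
      // Any other version of the injected package still has no business here.
      findings.push({ severity: "high", ...base, reason: "unexpected dependency named in the Axios compromise" });
    }

    // npm records hasInstallScript for packages with preinstall/install/postinstall.
    if (entry.hasInstallScript) {
      findings.push({ severity: "review", ...base, reason: "declares an install lifecycle script" });
    }
  }
  return findings;
}

// Convenience wrapper for a lockfile on disk (e.g. "package-lock.json").
function auditLockfileFile(filePath) {
  const fs = require("node:fs");
  return auditLockfile(JSON.parse(fs.readFileSync(filePath, "utf8")));
}

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`[${f.severity}] ${f.path}@${f.version}: ${f.reason}`);
}
```

Run it with `auditLockfileFile("package-lock.json")` on each repository and build agent; a single `critical` finding means the "assume compromise" branch of the guidance applies. The `review` findings are not verdicts, since many legitimate native-addon packages run install scripts, but they are the shortlist to inspect, and setting `ignore-scripts=true` in `.npmrc` on build infrastructure removes the automatic execution path entirely, at the cost of having to run genuine build steps explicitly.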
Looking Ahead
The Axios incident exposes a structural problem: the open-source ecosystem's trust model was not designed for adversaries operating at nation-state level. A single maintainer, targeted through patient social engineering, became the gateway to millions of downstream environments. No amount of two-factor authentication can fully mitigate that risk when the human element is the attack surface.
The emerging standards from FIDO and CSA point toward a future where trust is continuously verified - for users, devices, and software states - rather than assumed at install time. But adoption takes time, and the attackers are not waiting. For now, the most effective defense remains rigorous dependency management, build pipeline security, and the uncomfortable recognition that any component in the software supply chain can become a weapon.
Image: Steve A Johnson / Unsplash
