
North Korea Hacks Axios npm: The Full Explanation of the WAVESHAPER.V2 Supply Chain Attack 2026

By xploitzone
April 2, 2026 6:58 PM

North Korean hacker group UNC1069 compromised the Axios npm package and inserted the WAVESHAPER.V2 backdoor into a library with 100 million downloads. Just three hours and one compromised account, and the world's most trusted JavaScript library became a silent weapon. It was North Korea's largest open-source supply chain attack to date, and only the beginning. Who did it, and why? Read the full in-depth explanation.

What is Axios and why was it targeted?

If you are even slightly familiar with web development you have probably encountered Axios at least once, because it is a very common tool. It is a JavaScript library that makes HTTP requests easy; simply put, it is what lets a website talk to a server. It is so common that it is present in some form or another in 80% of internet, cloud and code environments.

Startups use it, multinationals use it, and even government systems use it. This meant that if someone compromised this one library they could reach millions of developer machines without any extra work. It was a golden target for hackers: attack one place and penetrate thousands.

Compromise everything without disrupting anyone, and just hide inside. That is what the hackers did: once they had compromised someone, they were present without anyone suspecting that the system was hacked. By the time the owner of the compromised account understood what had happened, the hackers' work was already done.

UNC1069: who are these people and why are they not afraid?

Behind this attack was UNC1069, a state-sponsored hacker group from North Korea that has been active since 2018. The group is known by many names: Google calls it UNC1069, earlier MASAN and ClearSky called it CryptoCore in 2020, and Microsoft tracks it as Sapphire Sleet. These are all different names for the same entity. The group does not work for personal gain; it generates money for the North Korean government.

There are so many global economic sanctions on North Korea that normal banking, trade or currency exchange is not possible, so they chose a different route and made hacking a national revenue model. These people are so professional that they have dedicated R&D teams to develop new malware, maintain infrastructure and research targets, just like any corporation. And they target at a high level.

These are not ordinary cybercriminals; they are state-sponsored hackers running an entire parallel economy, who have turned cyberspace into their ATM. Over the past few years they have stolen hundreds of millions of dollars from cryptocurrency exchanges, crashed DeFi platforms and emptied the wallets of FinTech companies. In February 2026 Google reported that UNC1069 was using new malware families against a FinTech company. These people are unstoppable, and the Axios attack was a new chapter in their escalation.

Preparations were made 18 hours before the attack

The level of planning makes this attack different from regular hacking. It was not an impulsive attack. A full 18 hours before the actual attack, the hackers quietly published the malicious package plain-crypto-js to the npm registry: no suspicious activity, no alarms. They did this because publishing a new package and using it immediately would look suspicious, so they aged the package first. After one night everything was ready.

The attackers then compromised the npm account of Axios' primary maintainer, Jason Saiman, using an old, long-lived access token that had never been rotated. They changed the account's registered email address to their own ProtonMail address, [email protected], so the original developer could not take the account back. Then they hit the publish button, affecting millions of systems.

  • March 30, ~06:00 UTC
    Malicious package plain-crypto-js pre-published on npm, 18 hours before the attack.
  • March 31, 00:21 UTC
    Axios maintainer account taken over and two backdoored versions published: 1.14.1 and 0.30.4. The attack begins.
  • March 31, 00:27 UTC
    Socket.dev's scanner flags the threat, just 6 minutes later.
  • March 31, 03:20 UTC
    Malicious packages removed from npm, but 3 hours of damage have already been done.

Malware smart enough to delete itself

When a developer runs npm install axios, the invisible plain-crypto-js dependency comes along and its postinstall hook fires automatically, without the developer's permission. This hook runs an obfuscated JavaScript file called setup.js, which Google tracks as SILKBELL. The file first detects the platform (Windows, macOS or Linux) and then launches the attack accordingly.

The encoding was complex enough that automated security scanners usually could not detect it: a reversed Base64 + XOR cipher with the key OrDeR_7077. After the job was finished, SILKBELL deleted itself and replaced the original package.json with a completely clean version, so that anyone who later ran npm audit or checked manually would notice absolutely nothing. This forensic cleanup is a level of sophistication found only in state-sponsored actors.
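For an analyst who has pulled a suspicious setup.js from a node_modules directory, the obfuscation described above is easy to undo once the layering is known. The following is an added example, not the SILKBELL code and not from the write-up's authors: it assumes the layers are applied as XOR with the repeating key, then Base64, then string reversal (the exact order is an assumption), uses the key OrDeR_7077 quoted above, and operates only on a harmless sample blob constructed here. It also includes a small heuristic for spotting such string literals in a file.

```javascript
// Added example (not the SILKBELL code itself): decoder for the obfuscation
// scheme the write-up describes, a reversed Base64 string wrapped around an
// XOR stream keyed with "OrDeR_7077". The layering (XOR -> Base64 -> reverse)
// is an assumption; the sample blob below is constructed here and is not the
// real setup.js.

const KEY = 'OrDeR_7077'; // key reported in the write-up

// XOR every byte with the repeating key. XOR is its own inverse, so the
// same routine both applies and removes the layer.
function xorWithKey(bytes, key) {
  const k = Buffer.from(key, 'utf8');
  const out = Buffer.alloc(bytes.length);
  for (let i = 0; i < bytes.length; i++) out[i] = bytes[i] ^ k[i % k.length];
  return out;
}

// Build a blob in the assumed scheme: XOR, Base64-encode, reverse the text.
// Used here only to construct the sample fixture below.
function obfuscate(plain, key = KEY) {
  const b64 = xorWithKey(Buffer.from(plain, 'utf8'), key).toString('base64');
  return b64.split('').reverse().join('');
}

// Analyst-side decoder: undo the reversal, Base64-decode, XOR with the key.
function deobfuscate(blob, key = KEY) {
  const b64 = blob.split('').reverse().join('');
  return xorWithKey(Buffer.from(b64, 'base64'), key).toString('utf8');
}

// Triage heuristic: a string literal whose reversal is well-formed Base64
// (valid alphabet, length a multiple of 4, padding only at the end) is
// unusual in legitimate code and worth decoding.
function looksLikeReversedBase64(s) {
  const rev = s.split('').reverse().join('');
  return s.length >= 16 && rev.length % 4 === 0 && /^[A-Za-z0-9+/]+={0,2}$/.test(rev);
}

// Constructed sample: a harmless string encoded with the scheme above.
const SAMPLE_PLAIN = 'process.platform'; // the kind of token a dropper would hide
const SAMPLE_BLOB = obfuscate(SAMPLE_PLAIN);

console.log('blob   :', SAMPLE_BLOB);
console.log('decoded:', deobfuscate(SAMPLE_BLOB));
console.log('flagged:', looksLikeReversedBase64(SAMPLE_BLOB));
```

If the key is unknown, the XOR layer can still be recovered from the decoded bytes with standard repeating-key analysis; the point of the example is that this kind of encoding hides code from signature scanners, not from a human who takes the time to look.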

One more interesting detail was the URL path on the C2 server: /6202033, which is the attack date 3-30-2026 reversed. Security researchers called this an APT signature Easter egg: something hackers deliberately use in their campaigns to mark their own work.

WAVESHAPER.V2: a backdoor found everywhere

When the SILKBELL dropper finishes its work it installs the final payload, WAVESHAPER.V2, an evolved version of UNC1069's previous WAVESHAPER backdoor. On macOS it installs as a Mach-O binary at /Library/Caches/com.apple.act.mond, disguised as an Apple system cache.

On Windows the PowerShell executable is run from a copy placed at %PROGRAMDATA%\wt.exe (the name of the Windows Terminal binary), and persistence is achieved through a hidden registry key called MicrosoftUpdate. On Linux a Python RAT is dropped into /tmp/ld.py and runs silently in the background. The backdoor checks in with the C2 server every 60 seconds, communicates in Base64-encoded JSON, and uses an interesting trick: it sets its User-Agent to Internet Explorer 8 on Windows XP, a 20-year-old browser string that can confuse modern security tools.
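Two of the behaviours just described are visible in ordinary web proxy logs: a client claiming to be Internet Explorer 8 on Windows XP, and a fixed 60-second check-in to the same host. The following added example (not from the write-up or from Google's reporting) hunts for that combination. The log format and every log line are constructed for this example, the C2 hostname is a placeholder, and the User-Agent pattern matches the IE8/XP family ("MSIE 8.0" with "Windows NT 5.1") because the exact string the backdoor sends is not given above.

```javascript
// Added example (not part of the write-up): hunting for WAVESHAPER.V2-style
// beaconing in proxy logs using two signals from the description: an IE8-on-XP
// User-Agent and a ~60 s check-in interval to one host. Log format, sample
// lines and the C2 host (a placeholder) are all constructed here.

// Constructed lines: "<ISO timestamp> <client> <host> <path> \"<User-Agent>\""
const SAMPLE_LOG = `
2026-03-31T01:00:00Z 10.0.0.5 c2.example.invalid /6202033 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
2026-03-31T01:00:07Z 10.0.0.5 registry.npmjs.org /axios "npm/10.0.0 node/v20.0.0"
2026-03-31T01:01:00Z 10.0.0.5 c2.example.invalid /6202033 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
2026-03-31T01:02:01Z 10.0.0.5 c2.example.invalid /6202033 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
2026-03-31T01:02:30Z 10.0.0.7 www.example.com / "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0"
2026-03-31T01:03:00Z 10.0.0.5 c2.example.invalid /6202033 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
`.trim();

// "Windows NT 5.1" is the platform token Windows XP browsers sent; "MSIE 8.0"
// is IE8. The family is matched rather than one literal string (assumption).
const LEGACY_IE_RE = /MSIE 8\.0;.*Windows NT 5\.1/;

// Parse one constructed log line; returns null for anything malformed.
function parseLine(line) {
  const m = line.match(/^(\S+) (\S+) (\S+) (\S+) "(.*)"$/);
  if (!m) return null;
  return { ts: Date.parse(m[1]), client: m[2], host: m[3], path: m[4], ua: m[5] };
}

// Group requests by (client, host). Flag a pair when the legacy User-Agent
// is present and enough consecutive gaps sit within `toleranceSec` of the
// stated 60 s interval (tolerance absorbs jitter and network delay).
function findBeacons(logText, { intervalSec = 60, toleranceSec = 5, minHits = 3 } = {}) {
  const groups = new Map();
  for (const raw of logText.split('\n')) {
    const r = parseLine(raw.trim());
    if (!r) continue;
    const key = `${r.client} -> ${r.host}`;
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(r);
  }
  const findings = [];
  for (const [key, reqs] of groups) {
    reqs.sort((a, b) => a.ts - b.ts);
    const legacyUa = reqs.some((r) => LEGACY_IE_RE.test(r.ua));
    let periodic = 0;
    for (let i = 1; i < reqs.length; i++) {
      const gap = (reqs[i].ts - reqs[i - 1].ts) / 1000;
      if (Math.abs(gap - intervalSec) <= toleranceSec) periodic++;
    }
    if (legacyUa && reqs.length >= minHits && periodic >= minHits - 1) {
      findings.push({ pair: key, hits: reqs.length, periodicGaps: periodic });
    }
  }
  return findings;
}

console.log(findBeacons(SAMPLE_LOG));
```

On the sample above only the 10.0.0.5 to c2.example.invalid pair is reported; the npm registry fetch and the unrelated Chrome request are ignored. In production the same logic runs over a day of proxy or EDR network telemetry, and the anachronistic User-Agent alone is a strong enough signal to page on.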

Attackers have these four commands:

kill: stop the malware process
run script: run AppleScript, PowerShell or shell commands
rundir: enumerate the file system with all file sizes and timestamps
peinject: inject an arbitrary binary into memory

Together these four commands give a listing of your entire file system, the power to run arbitrary commands and the ability to inject new malware, all through a hidden background process that barely uses your system's resources.

What exactly was this for?

This question is still partially unanswered, and that is the most concerning thing. UNC1069 is traditionally known for cryptocurrency theft, yet no direct crypto theft or ransomware activity was observed in the Axios attack. Google researchers said that the full extent of post-compromise activity is not yet known, but given UNC1069's track record, financially motivated follow-on attacks will certainly emerge.

Security analysts at Thrive offered a different angle: this group primarily prefers long-term silent access. These people sneak in, collect credentials (SSH keys, cloud tokens, secrets) and stay quiet for months. The data is then either used directly to hack other companies or sold on dark markets. Secrets collected from this campaign could cause secondary breaches throughout 2026 that we do not yet know about.

This is not just one attack: it is part of a coordinated war

Axios was not the only target. During the same period another North Korean group, UNC6780 (TeamPCP), compromised Trivy, Checkmarx, LitLLM and Telnyx via GitHub Actions and PyPI packages, all developer tools used daily by millions of engineers. These attacks deployed the SANDCLOCK credential stealer.

Researchers estimate that millions of secrets stolen in these campaigns remain in unknown hands. All of this forms a clear pattern: North Korea has made the developer ecosystem its new primary target. Why? Because a developer's compromised system is not just a single machine; it holds the company's cloud credentials, production database passwords, API keys and client data. An entire organization can be compromised through a single developer.

The real lesson: trust is the biggest vulnerability

This attack exposed a very uncomfortable truth. We developers have made npm install a reflex: don't think, don't look, just do it. Axios was a package with 100 million downloads, so trusted that no one doubted it, and this became its biggest weakness. Sonatype's Field CTO said exactly this: hackers are now attacking not the code but the trust in the code.

Firewalls are of no use when the malware arrives through an already trusted channel. This attack did not use a zero-day or any advanced network exploit, just an unrotated access token and a compromised email. The solution is just as simple: use lockfiles, pin dependency versions, rotate tokens regularly, and treat every package install, no matter how popular, as a potential risk.

Final Thoughts

With its Axios attack North Korea did not just steal data; it proved that the biggest vulnerability in the modern software supply chain is the trust we place blindly. 3 million downloads in just 3 hours and one unrotated token, that is all it took for a nation state to blow open a secret door to the entire developer world. And that door remains open, because the credentials it obtained have yet to be fully exploited.

xploitzone

Exploring the world of cybersecurity through in-depth analysis of vulnerabilities, data breaches and emerging threats. Delivering real insights, technical breakdowns and bug bounty discoveries for security enthusiasts and researchers.
