Full Report
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been conducted by North Korean threat actors. [...]
Analysis Summary
# Incident Report: Axios npm Supply Chain Compromise (UNC1069)
## Executive Summary
The popular Axios HTTP client fell victim to a sophisticated social engineering and supply chain attack conducted by the North Korean-linked threat actor UNC1069. By impersonating a legitimate company and using a "ClickFix" malware tactic during a fake Microsoft Teams meeting, attackers compromised a lead maintainer's workstation to publish malicious versions of the Axios package. The incident resulted in the distribution of a Remote Access Trojan (RAT) to users who downloaded the affected npm versions during a three-hour window.
## Incident Details
- **Discovery Date:** April 4, 2026 (Reported)
- **Incident Date:** Commenced weeks prior to April 2026
- **Affected Organization:** Axios Open Source Project
- **Sector:** Information Technology / Software Development (Open Source)
- **Geography:** Global impact via npm registry
## Timeline of Events
### Initial Access
- **Date/Time:** Weeks prior to discovery
- **Vector:** Targeted Social Engineering (LinkedIn/Slack)
- **Details:** Attackers impersonated a legitimate company, creating a high-fidelity Slack workspace with fake employee profiles and staged activity to build rapport with the lead maintainer.
### Lateral Movement
- **Mechanism:** The attackers transitioned the target from Slack to a fraudulent Microsoft Teams meeting. During the call, a fake "RTC Connection Error" was displayed.
- **Payload Delivery:** The maintainer was prompted to install a "fix" for the error, which was actually a Remote Access Trojan (RAT) identified as WAVESHAPER.V2.
### Data Exfiltration/Impact
- **Credential Theft:** The RAT allowed attackers to bypass MFA by hijacking authenticated session tokens from the maintainer’s device.
- **Package Poisoning:** Attackers utilized the stolen credentials to publish two malicious versions of Axios (1.14.1 and 0.30.4) to the npm registry.
- **Malware Propagation:** These versions included a malicious dependency (`plain-crypto-js`) that installed a cross-platform RAT on any system downloading the package.
### Detection & Response
- **Discovery:** Identified via community reports and internal audit of npm releases.
- **Response Actions:** Malicious versions were removed from npm within three hours of publication. Maintainers initiated a post-mortem, wiped affected systems, and revoked all credentials.
## Attack Methodology
- **Initial Access:** High-fidelity social engineering (Impersonation).
- **Persistence:** Remote Access Trojan (WAVESHAPER.V2) installed on the maintainer's local machine.
- **Privilege Escalation:** Not applicable (direct access to maintainer-level permissions).
- **Defense Evasion:** Use of legitimate-looking Slack/Teams infrastructure and "ClickFix" error messages to bypass user suspicion.
- **Credential Access:** Session token theft to bypass Multi-Factor Authentication (MFA).
- **Discovery:** Reconnaissance of high-impact open-source maintainers across LinkedIn.
- **Lateral Movement:** Transitioning from developer workstation to the npm production registry.
- **Collection:** Stealing authentication keys and developer session data.
- **Exfiltration:** Exfiltrating session tokens to C2 infrastructure.
- **Impact:** Supply chain compromise via malicious package dependency injection.
## Impact Assessment
- **Financial:** Unknown; potential costs related to incident response and user remediation.
- **Data Breach:** Compromise of maintainer credentials and potential compromise of any user/system that pulled Axios v1.14.1 or v0.30.4.
- **Operational:** Disruption to Axios release cycle and maintenance.
- **Reputational:** Significant impact on the perceived security of the Axios package and the broader npm ecosystem.
## Indicators of Compromise
- **Network:** Connections to domains impersonating Microsoft Teams or Slack (e.g., `teams-support[.]live`, shown defanged).
- **File:** `plain-crypto-js` (Malicious npm dependency).
- **Behavioral:** Unexpected npm publishes; prompt to "fix" Teams errors by downloading executable files; calls from unknown "recruiters" leading to private Slack workspaces.
## Response Actions
- **Containment:** Removed malicious Axios versions (1.14.1, 0.30.4) from the npm registry.
- **Eradication:** Wiped infected maintainer workstations and rotated all npm and project-related secrets.
- **Recovery:** Published clean versions and issued a public post-mortem warning users to rotate their own credentials.
## Lessons Learned
- **MFA is Not Infallible:** Session hijacking/token theft can bypass traditional MFA.
- **Sophisticated Impersonation:** Threat actors are willing to spend weeks building rapport through cloned company identities and "populated" Slack channels.
- **Browser/App Errors as Attack Vectors:** The "ClickFix" technique—using fake technical errors to prompt malware installation—is highly effective even against technical users.
## Recommendations
- **Hardware Security Keys:** Move from SMS/App-based MFA to FIDO2/WebAuthn hardware keys to mitigate session/token theft.
- **Environment Isolation:** Use dedicated, isolated machines or virtual environments for publishing to production registries.
- **Dependency Pinning:** Users should use lockfiles (package-lock.json) and audit new dependency versions before deployment.
- **Security Awareness:** Train maintainers specifically on "ClickFix" tactics and the risks of joining third-party Slack/Teams environments for unsolicited meetings.