Full Report
See how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply chain attack. Learn how easy it is to automate configuration of scans, identify impacted assets, prioritize remediation, and more using agentic AI from Tenable.

Key takeaways:

- Tenable Hexa AI, the agentic engine of the Tenable One Exposure Management Platform, can tell you in minutes if your organization is running compromised versions of the Axios npm package following a recent discovery of a supply chain attack.
- Tenable Hexa AI configures and launches scans; tags affected assets by severity, owner, or business unit to scope the blast radius of the threat; and automates remediation scans to verify remediation effectiveness.
- The workflow that Tenable Hexa AI automates (targeted scan, tag, remediate, verify) applies to any emerging threat, whether the discovery of a new CVE, zero-day vulnerability, or supply chain compromise.

When a highly utilized code package like the Axios npm package is compromised in a supply chain attack, news of the compromise often sets off a mad scramble for security teams. Responding to the discovery can take days, and typically involves manually configuring different assessments to identify if vulnerable versions of the software are present in your environment, and if so, which assets are affected by them.
Then, of course, you have to implement recommended remediations, which in the case of the Axios npm supply chain attack include:

- Downgrade to safe versions: [email protected] or [email protected]
- Remove the phantom dependency: node_modules/plain-crypto-js/
- Block C2 traffic to sfrclak[.]com and 142.11.206.73
- Treat affected systems as fully compromised: rotate all secrets and credentials, rebuild from clean snapshots
- Audit CI/CD pipelines: ephemeral runners require secret rotation; self-hosted runners are treated as fully compromised
- Search for file artifacts: /Library/Caches/com.apple.act.mond (macOS), %PROGRAMDATA%\wt.exe (Windows), /tmp/ld.py (Linux)

Even if you can respond and remediate within hours, it’s still not fast enough for AI-assisted threat actors. These days, we need to answer three critical questions in minutes:

- Are we exposed?
- Where are we exposed?
- How quickly can we mitigate the threat?

In the first of a series of blogs on use cases for the Tenable Hexa AI agentic engine, we show you how Tenable Hexa AI accelerates this exact workflow to reduce your window of risk.

## Using Tenable Hexa AI to discover the Axios threat and answer “Are we exposed?”

When researchers discover a new zero-day or supply chain compromise, the first question on security teams’ minds isn’t “How do we fix it?” It’s “Are we affected?” Answering that question shouldn’t be difficult, and with Tenable Hexa AI, it couldn’t be simpler. Open Tenable Hexa AI and type something like, “Show me all assets in my environment vulnerable to the Axios Supply Chain vulnerability.”

Tenable Hexa AI then queries the Tenable One Exposure Data Fabric, the data already collected from your existing scans, agents, and integrations. Within seconds, Tenable Hexa AI produces a clear picture of which assets are running the compromised Axios versions, where they sit in your network, and how critical they are to your business. No query language. No console-hopping. No waiting for a new scan to finish.
Just ask the question and get the answer.

## Using Tenable Hexa AI to scope the blast radius with asset tagging

Now you know which assets are affected, but a flat list isn’t a response plan; it’s a starting point. The next step is to scope the blast radius and organize it for action. With Tenable Hexa AI, this is as simple as telling Tenable Hexa AI to “Tag this with the category Supply Chain and value Axios.” Tenable Hexa AI then bulk-applies the tag across every asset in one action. And just like that, you’ve turned a raw discovery into a structured, queryable incident surface.

This matters because tagging is the bridge between exposure discovery and remediation by the right team. Once assets are tagged, you can slice them by business unit or owner to route remediation work. You can feed tagged assets into dashboards for executive visibility, and critically, the tag preserves a snapshot of the blast radius as the environment changes.

## Why this capability matters beyond Axios

Supply chain attacks have seen a staggering increase in recent years, with the Sonatype 2024 State of the Software Supply Chain report showing a 156% year-over-year surge in attacks targeting upstream repositories like npm and PyPI. So the question isn’t if another package will be poisoned, but how much of your weekend it will consume when it happens.

What we’ve shown here with the Axios response (i.e., scope, discover, prioritize) is more than just a fix for one npm package. It represents a fundamental shift in how security teams handle emergency response. By using Tenable Hexa AI, you are building agentic and operational muscle memory. You can deploy the exact same conversational workflow you used to hunt for malicious versions of Axios the moment the next Log4j, XZ Utils, or MoveIt-style vulnerability hits the news.

Tenable Hexa AI transforms high-pressure fire drills like the discovery of the Axios npm supply chain attack into a structured, repeatable, and sane workflow.
Instead of writing custom scripts or manually configuring policies under duress, you simply tell Tenable Hexa AI what to do, and the agentic engine handles the grunt work for you.

## Use cases for agentic AI: Additional ways to use Tenable Hexa AI

Stay tuned for more use cases demonstrating the agentic power of Tenable Hexa AI. Here’s what’s coming next:

- Using Tenable Hexa AI to target remediation scans at tagged assets, schedule post-patch verification, and compare before/after results to confirm the threat is neutralized
- Using Tenable Hexa AI to automate the creation of risk dashboards and report on security KPIs
- Using Tenable Hexa AI to map vulnerabilities to asset owners (via Okta, CMDB, or custom mappings) and automatically notify the right teams
- Using Tenable Hexa AI to trigger patching workflows and network isolation for compromised assets

Tenable Hexa AI is currently in private preview for select Tenable One customers. Contact your Tenable Account Team to join the private preview program.

Want to learn more? Download the Tenable Hexa AI data sheet to get the full technical breakdown of our agentic capabilities.
Analysis Summary
# Tool/Technique: Axios npm Supply Chain Attack
## Overview
This technical summary focuses on the recent supply chain compromise involving the widely used `axios` npm package. Attackers published poisoned versions of the library to embed malicious dependencies and secondary payloads. The primary purpose of this attack is to gain unauthorized access to environments utilizing the library, exfiltrate credentials, and establish persistence within CI/CD pipelines and production systems.
## Technical Details
- **Type:** Malware Family / Supply Chain Attack
- **Platform:** Cross-platform (Windows, macOS, Linux) via Node.js environments
- **Capabilities:** Credential theft via phantom dependencies, command-and-control (C2) communication, and multi-operating system persistence via local file artifacts.
- **First Seen:** Approximately late 2024 (based on the context of emerging threat reports).
## MITRE ATT&CK Mapping
- **TA0001 - Initial Access**
  - **T1195.002 - Supply Chain Compromise: Compromise Software Dependencies**
- **TA0003 - Persistence**
  - **T1543 - Create or Modify System Process**
- **TA0006 - Credential Access**
  - **T1555 - Credentials from Web Browsers/IDEs (Targeting CI/CD secrets)**
- **TA0011 - Command and Control**
  - **T1071.001 - Application Layer Protocol: Web Protocols**
## Functionality
### Core Capabilities
- **Dependency Poisoning:** Infiltrates projects by masquerading as or being included in a legitimate high-utilization package (`axios`).
- **Phantom Dependency Injection:** Automatically installs a hidden malicious dependency identified as `plain-crypto-js` into the `node_modules` directory.
- **C2 Communication:** Establishes outbound connections to attacker-controlled infrastructure to receive instructions or exfiltrate data.
### Advanced Features
- **Multi-OS Payload Execution:** Tailors file artifacts for specific operating systems:
  - **macOS:** Execution via `.act.mond` cache files.
  - **Windows:** Execution via binary artifacts in `%PROGRAMDATA%`.
  - **Linux:** Execution via Python scripts in `/tmp/`.
- **CI/CD Persistence:** Specifically targets ephemeral and self-hosted runners to intercept secrets and maintain access even after code changes.
## Indicators of Compromise
- **File Hashes:** [Specific hashes not provided in the source text]
- **File Names:**
  - `node_modules/plain-crypto-js/` (Malicious dependency)
  - `/Library/Caches/com.apple.act.mond` (macOS)
  - `%PROGRAMDATA%\wt.exe` (Windows)
  - `/tmp/ld.py` (Linux)
- **Network Indicators:**
  - `sfrclak[.]com` (C2 Domain)
  - `142[.]11[.]206[.]73` (C2 IP Address)
- **Behavioral Indicators:**
  - Unexpected outbound traffic from build servers or production Node.js applications to the aforementioned C2.
  - Presence of `plain-crypto-js` in environments where it was not explicitly required.
## Associated Threat Actors
- Unknown (Attributed generally to "AI-assisted threat actors" and supply chain attackers targeting upstream repositories like npm and PyPI).
## Detection Methods
- **Software Composition Analysis (SCA):** Identifying the presence of `axios` versions higher than `1.14.0` (in the affected branch) or `0.30.3`.
- **Inventory Scanning:** Searching for the `plain-crypto-js` folder within nested `node_modules`.
- **EDR/Endpoint Detection:** Monitoring for the creation of specific artifacts like `wt.exe` or `ld.py`.
- **Network Monitoring:** Flagging or blocking outbound traffic to `sfrclak[.]com`.
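
The inventory scan and artifact search described above can be scripted for hosts and build workspaces. The following is an added example, not Tenable's code or part of the original report; it assumes npm `package-lock.json` files with lockfileVersion 2 or 3 (a flat `packages` map), and the function names and finding labels are illustrative.

```python
import json
import os
import sys
from pathlib import Path

PHANTOM = "plain-crypto-js"  # phantom dependency named on this page
# File artifacts listed on this page (macOS, Windows, Linux).
ARTIFACTS = [
    "/Library/Caches/com.apple.act.mond",
    os.path.expandvars(r"%PROGRAMDATA%\wt.exe"),  # expands only on Windows
    "/tmp/ld.py",
]

def scan_lockfile(path):
    """Find lockfile entries that resolve the phantom package or declare it."""
    try:
        lock = json.loads(Path(path).read_text(encoding="utf-8"))
        packages = lock.get("packages", {}).items()
    except (OSError, ValueError, AttributeError):
        return [("unreadable-lockfile", str(path))]
    hits = []
    for key, meta in packages:
        # Keys are install paths, e.g. node_modules/a/node_modules/b.
        if key.split("node_modules/")[-1] == PHANTOM:
            hits.append(("lockfile", f"{path}: {key}"))
        elif isinstance(meta, dict) and PHANTOM in meta.get("dependencies", {}):
            # Record which package and version pulled it in, for triage.
            hits.append(("declared-by", f"{path}: {key}@{meta.get('version')}"))
    return hits

def scan_tree(root):
    """Walk root and report the phantom package on disk and in lockfiles."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        # Match an installed copy at any nesting depth of node_modules.
        if here.name == "node_modules" and PHANTOM in dirnames:
            findings.append(("installed", str(here / PHANTOM)))
            dirnames.remove(PHANTOM)  # no need to descend into it
        if "package-lock.json" in filenames:
            findings += scan_lockfile(here / "package-lock.json")
    return findings

def present_artifacts(paths=ARTIFACTS):
    """Return the listed artifact paths that exist on this host."""
    return [p for p in paths if os.path.exists(p)]

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for kind, detail in scan_tree(root) + [("artifact", p) for p in present_artifacts()]:
        print(kind, detail)
```

A `lockfile` or `declared-by` finding without a matching `installed` finding still matters: it shows the dependency was resolved at some point, for example on a CI runner whose workspace has since been cleaned.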
## Mitigation Strategies
- **Version Control:** Immediately downgrade to verified safe versions: `[email protected]` or `[email protected]`.
- **Dependency Cleanup:** Manually or via script remove the `plain-crypto-js` directory.
- **Incident Response:** Treat any system running the compromised package as fully compromised.
  - Rotate all secrets and credentials stored in or accessed by the system.
  - Rebuild assets from clean, known-good snapshots.
- **Pipeline Hardening:** Rotate secrets for ephemeral CI/CD runners; treat self-hosted runners as compromised and redeploy.
- **Network Hardening:** Implement egress filtering to block known C2 infrastructure.
## Related Tools/Techniques
- **XZ Utils Compromise:** (Similar high-profile supply chain attack)
- **Log4Shell/Log4j:** (Similar ubiquity leading to widespread exposure)
- **Dependency Confusion Attacks:** (Related technique for injecting malicious code into private environments)