Hacker News
Axios NPM Supply Chain Attack Attributed to North Korean Threat Actor — 100M Weekly Downloads Compromised
On March 31, a North Korean threat actor (UNC1069/Sapphire Sleet) compromised the axios npm maintainer account and published backdoored versions (1.14.1 and 0.30.4) delivering a cross-platform RAT via a malicious 'plain-crypto-js' dependency. Axios has ~100M weekly downloads. The exposure window was approximately 3 hours (00:21–03:20 UTC). Google, Microsoft, Elastic, and Palo Alto Networks all published detailed analyses. 260 points on HN's post-mortem discussion.
↳ Follow the thread