Software supply chain attacks have rapidly emerged as one of the most dangerous threats in modern cybersecurity. Instead of targeting organizations directly, attackers compromise trusted third-party components turning widely used dependencies into attack vectors. The Node.js ecosystem, powered by npm, has become a prime target due to its massive reliance on open-source packages.
One such incident involving Axios, a popular HTTP client library used across millions of applications, highlights the growing risk of dependency trust. With millions of weekly downloads, Axios is deeply embedded in both frontend and backend development workflows. A compromise in such a package has the potential to impact thousands of organizations globally.
This blog provides a deep dive into
- Axios NPM supply chain compromise and its technical behavior
- Infection chain and timeline
- Indicators of compromise (IOCs), and
- Mitigation strategies.
What is Axios and why was it a target?
Axios is a widely adopted, promise-based HTTP client for JavaScript, used across both browser and Node.js environments to streamline API communication through a clean and intuitive interface. Its simplicity and flexibility have made it a default choice for developers building modern web applications. However, with over 100 million weekly downloads on npm, Axios represents a critical piece of the software supply chain and an extremely attractive target for threat actors. This level of adoption means that even a tiny fraction of users installing a malicious or impersonated version can lead to a massive impact. In fact, if just 0.01% of developers unknowingly pull a compromised package, it can translate into thousands of affected systems, creating a significant blast radius for credential theft, data exfiltration, and downstream compromise.
Typical use cases of Axios include:
- Fetching data from APIs
- Sending POST/PUT requests
- Handling authentication tokens
- Integrating third-party services
What happened in the Axios Supply chain attack - Technical breakdown
The Axios compromise was not a simple malicious package injection; it was a multi-stage, carefully orchestrated supply chain attack involving account takeover, dependency staging, and rapid payload deployment. Below is a technical reconstruction of the attack lifecycle.
Axios NPM Supply Chain Attack: Step-by-Step Execution
- Maintainer npm account compromised (token theft)
- Malicious dependency (plain-crypto-js) pre-staged
- Backdoored Axios versions published
- Developers / CI pipelines install compromised package
- Malicious postinstall script executed
- System fingerprinting + C2 communication initiated
- Cross-platform RAT (WAVESHAPER.V2) deployed
- Credential theft + persistence established
- Anti-forensics cleanup (self-delete + manifest swap)
Simplified Attack Chain
- Malicious code introduced via trusted dependency
- Package published under legitimate project
- Developers unknowingly install/update dependency
- Payload executes during install/runtime
- Sensitive data exfiltrated + system compromised
Threat Actor Tradecraft & Malware Analysis
The Axios attack demonstrated a high level of operational planning, particularly through its pre-staging and execution strategy. Nearly 18 hours before the malicious release, the attacker published a benign package (plain-crypto-js) to establish trust within the npm ecosystem. During this window, platform-specific payloads were prepared for Windows, macOS, and Linux, enabling broad compatibility at the time of execution.
On March 31, the attacker deployed the payload with precision, publishing two backdoored versions of Axios within a 39-minute window targeting both the latest (1.14.1) and legacy (0.30.4) versions. This ensured that a default npm install axios would resolve to a compromised package regardless of version constraints, significantly increasing the attack’s reach.
A key aspect of this campaign was the bypass of OIDC (OpenID Connect) Trusted Publishing protections. Although OIDC was enabled, the presence of a fallback NPM_TOKEN allowed the attacker to authenticate using a long-lived token, effectively bypassing provenance checks. This highlights a critical misconfiguration where secure mechanisms can be undermined by legacy authentication paths.
The malware also incorporated anti-forensics techniques, including a self-destruct mechanism that replaced its malicious package.json with a clean decoy and removed execution traces. This “manifest swap” approach significantly complicates post-incident analysis and reduces the likelihood of detection.
WAVESHAPER.V2: Cross-Platform RAT Framework
At the core of the attack was the deployment of WAVESHAPER.V2, a sophisticated cross-platform Remote Access Trojan. Rather than using separate tools for each operating system, the attacker implemented a unified implant framework, with native payloads tailored for different environments:
- macOS: AppleScript-based payload
- Windows: PowerShell-based payload
- Linux: Python-based payload
Despite platform differences, all variants shared:
- Identical command-and-control (C2) protocol
- Consistent beaconing behavior
- Unified command structure
This design indicates a well-engineered malware framework capable of scaling across diverse environments while maintaining operational consistency.
One particularly interesting forensic artifact was the use of a hardcoded legacy user-agent string (Internet Explorer 8 / Windows XP) across all variants. While this may have been intended to standardize C2 communication or evade simplistic filtering, it also creates a strong detection opportunity, as such traffic is highly anomalous in modern environments especially on macOS and Linux systems.
The level of planning, cross-platform tooling, and evasion observed in this campaign strongly indicates the involvement of a well-resourced threat actor.
Threat Actor Attribution: Who Was Behind the Axios Attack?
The Axios supply chain compromise has been attributed with high confidence to North Korean state-linked threat actors, based on consistent overlaps in infrastructure, malware behavior, and operational tradecraft. Multiple security vendors and threat intelligence teams independently analyzed the campaign and arrived at converging conclusions, indicating that this was not an isolated incident but part of a broader pattern of nation-state activity targeting the software supply chain.
The activity has been primarily linked to UNC1069, a cluster known for conducting targeted operations against developers and cryptocurrency ecosystems. The group’s use of maintainer account compromise, staged dependency insertion, and rapid exploitation aligns closely with their previously observed tactics. Their operations typically focus on harvesting credentials and gaining persistent access to high-value environments, particularly where financial assets or sensitive infrastructure are involved.
UNC1069
- North Korea–linked threat cluster active since ~2018
- Strong focus on developer targeting and supply chain attacks
- Known for targeting cryptocurrency and DeFi platforms
- Uses credential theft + RAT deployment for persistence
- Demonstrates pre-staging techniques (as seen with dependency planting)
At the same time, Microsoft Threat Intelligence has attributed the campaign to a threat actor they track as Sapphire Sleet. This group is part of the broader North Korean cyber apparatus and has a well-documented history of targeting software developers and enterprise environments. Their campaigns often involve credential theft and abuse of trusted platforms to scale access, which strongly mirrors the behavior seen in the Axios incident.
Sapphire Sleet (Microsoft Attribution)
- Part of the broader DPRK cyber operations ecosystem
- Specializes in credential harvesting and enterprise compromise
- Frequently targets developer workflows and software ecosystems
- Known for abusing trusted platforms (npm, GitHub, cloud services)
Additional reporting has also referenced UNC6780, also known as TeamPCP, which has been associated with campaigns involving developer impersonation, malicious package distribution, and credential harvesting. While attribution to UNC6780 is not as widely confirmed as UNC1069, the group’s known tradecraft particularly around targeting developers and leveraging software ecosystems shows notable overlap with the techniques observed in this attack.
UNC6780 / TeamPCP
- Known for developer impersonation campaigns
- Associated with malicious npm/package distribution
- Focus on credential harvesting and initial access
Further supporting attribution comes from CrowdStrike, which assessed with moderate confidence that the activity is linked to STARDUST CHOLLIMA. This cluster has been associated with financially motivated cyber operations, particularly in the cryptocurrency space, and is known for leveraging sophisticated malware and supply chain techniques to achieve widespread compromise.
STARDUST CHOLLIMA (CrowdStrike Attribution)
- Associated with financially motivated campaigns (crypto theft)
- Uses custom malware and multi-stage payload delivery
- Known for infrastructure reuse across campaigns
- Linked to broader DPRK clusters like CHOLLIMA groups
Overall, the convergence of these attributions points to a coordinated, state-sponsored campaign within the North Korean threat landscape. The attack demonstrates a strategic shift toward exploiting trust in open-source ecosystems, enabling attackers to achieve broad downstream access through a single point of compromise.
Indicators of Compromise (IoCs)
The Axios supply chain attack introduced a range of network, host, and package-level indicators that defenders can use for detection and threat hunting. The following IoCs have been confirmed across multiple analyses as of April 2026.
Detection Rules: Identify Axios Supply Chain Compromise
To determine whether your environment was affected by the Axios supply chain attack, defenders should combine host, network, and pipeline-level detection. Below are actionable detection rules across different security layers.NPM & Dependency Integrity Checks
Detect Suspicious NPM Package Installations
What this detects:
Identifies typosquatted or malicious Axios variants installed in your project.
How to check:
npm ls | grep -E "axios-http|node-axios|axois|axios\.js" Why it matters:
Attackers often use lookalike package names to trick developers. This helps quickly spot unauthorized dependencies.
Detect Suspicious Outbound Traffic from Node.js
What this detects:
Node/npm processes sending unexpected POST requests to external endpoints (possible data exfiltration).
Splunk Query:
index=network_proxy
dest_category="external"
uri_path IN ("/collect", "/env", "/data", "/exfil")
http_method="POST"
process_name IN ("node", "npm", "npx")
| stats count by src_ip, dest_host, uri_path, _time
| where count > 0 Why it matters:
Legitimate npm installs should not communicate with unknown external endpoints.
Detect Malicious Install-Time Behavior (Endpoint)
What this detects:
Node processes making outbound connections during package installation.
Osquery:
SELECT p.name, p.pid, p.cmdline, p.cwd, s.remote_address, s.remote_port
FROM processes p
JOIN process_open_sockets s ON p.pid = s.pid
WHERE p.name = 'node'
AND p.cmdline LIKE '%install%'
AND s.remote_address NOT IN ('127.0.0.1', '::1')
AND s.remote_port = 443; Why it matters:
Malicious npm packages often execute during install using postinstall scripts.
Prevent Malicious Packages in CI/CD
What this detects:
Blocks suspicious Axios variants during pipeline execution.
GitHub Actions Check:
if grep -r "axios-http\|node-axios\|axois" package.json package-lock.json; then
echo "ALERT: Suspicious axios variant detected"
exit 1
fiWhy it matters:
Stops compromised dependencies before they reach production.
Detect Known Malware Artifacts (YARA)
What this detects:
PowerShell-based dropper linked to the Axios attack.
YARA Rule:
rule G_Hunting_Downloader_suspected_UNC1069_PS_1 {
strings:
$ua = "MSIE 8.0"
$c2 = "sfrclak"
$pkg = "plain-crypto-js"
$key = "OrDeR_7077"
condition:
any of them
}Why it matters:
Matches multiple attack artifacts including C2 and obfuscation keys.
Blast Radius: Impact by the Numbers
Despite being active for only a short duration, the attack achieved significant scale due to Axios’s widespread adoption.
- Axios averages 80–100 million downloads per week
- Malicious versions were live for approximately 2–3 hours
- Estimated ~600,000 installations occurred during that window
- Axios is present in ~80% of cloud environments
- Approximately 3% of environments were exposed (those running installs during the window)
Risk Implication:
Organizations that executed npm install or triggered CI/CD pipelines during the exposure window should assume:
Full environment compromise, including potential leakage of credentials, tokens, and secrets.
MITRE ATTACK Tactics, Techniques and ID correlated with the Axios NPM Supply Chain Attack
Timeline of the Attack
- March 29: Maintainer account compromised (email changed, token abuse)
- March 30 (~06:00 UTC): Malicious dependency pre-staged (plain-crypto-js)
- March 31 (00:21 UTC): Backdoored axios@1.14.1 published
- March 31 (~01:00 UTC): Backdoored axios@0.30.4 (legacy) published
- March 31 (~03:15 UTC): Malicious versions detected and removed
- Exposure window: ~2–3 hours
What Makes This Attack Different from Previous npm Incidents
The Axios supply chain compromise represents a significant escalation in sophistication compared to earlier npm attacks. While previous incidents often relied on opportunistic tactics such as typosquatting or compromising lesser-known packages this campaign targeted one of the most widely used libraries in the JavaScript ecosystem.
Security researchers have emphasized that this attack should not be viewed as a one-off incident, but rather as a blueprint for future supply chain operations. The level of coordination observed including maintainer account compromise, pre-staged dependency deployment, and rapid multi-version poisoning—demonstrates a shift toward planned, scalable intrusion campaigns.
What sets this attack apart is the combination of multiple advanced techniques executed in a tightly controlled timeline. The attacker:
- Pre-staged infrastructure nearly 18 hours in advance
- Deployed multi-platform payloads (Windows, macOS, Linux)
- Compromised both active and legacy release branches within ~40 minutes
- Integrated self-destruct and anti-forensics mechanisms
This level of execution goes far beyond traditional npm attacks. Instead of targeting niche packages, the adversary deliberately chose a high-trust, high-distribution dependency, maximizing downstream impact. The result is a campaign that blends supply chain compromise, credential harvesting, and cross-platform malware delivery into a single, highly efficient operation.
Incident Response: If You Ran npm install During Exposure Window
If your environment executed npm install between March 31, 00:21–03:20 UTC, the safest assumption is:
Full system compromise
Given the speed and capabilities of the deployed malware, immediate action is required.
1. Rotate All Credentials
Assume all secrets exposed on the system are compromised:
- Cloud credentials (AWS, GCP, Azure)
- GitHub and npm tokens
- Database credentials
- Kubernetes secrets
2. Isolate the Affected Host
- Disconnect the system from the network immediately
- Revoke IAM roles and active sessions
- Prevent further communication with attacker infrastructure
3. Hunt for WAVESHAPER Persistence
Check for persistence mechanisms across platforms:
- Windows: Scheduled Tasks, Registry Run keys
- macOS: LaunchAgents / LaunchDaemons
- Linux: Cron jobs, systemd services
4. Block Known C2 Infrastructure
Immediately block the following:
- Domain: sfrclak[.]com
- IP: 142.11.206(.)73
5. Investigate Lateral Movement
Search logs for suspicious behavior:
- Look for IE8 / Windows XP User-Agent strings
- Identify unusual outbound HTTPS traffic
- Check access to internal systems from the affected host
6. Remediate Dependency
Install a safe version of Axios:
npm install axios@1.14.0 --ignore-scripts
The --ignore-scripts flag ensures that no malicious install-time scripts are executed.
Final Thoughts: Securing Trust in the Software Supply Chain
The Axios supply chain attack serves as a reminder that modern software development is deeply interconnected, and with that interconnectedness comes shared risk. A single point of compromise in a trusted component can cascade across thousands of systems, often without immediate visibility.
As organizations continue to rely on open-source ecosystems, securing the software supply chain must become a foundational priority rather than an afterthought. This includes strengthening controls around dependency usage, improving monitoring and detection capabilities, and ensuring that development workflows are resilient against emerging threats.
Ultimately, the challenge is not just preventing individual attacks, but adapting to an evolving threat landscape where trust itself can be weaponized. Building resilient systems requires not only secure code, but also secure dependencies, secure processes, and continuous vigilance.
External References:
https://www.elastic.co/security-labs/axios-one-rat-to-rule-them-all
FAQs
Q1. What is a software supply chain attack in the npm ecosystem?
A) A software supply chain attack occurs when attackers compromise a trusted dependency (like an npm package) to distribute malicious code to downstream users, enabling large-scale, indirect compromise of applications.
Q2. How was the Axios package leveraged in this supply chain compromise?
A) Attackers abused the trust and widespread adoption of Axios by injecting or distributing malicious components, allowing them to execute unauthorized actions within applications that relied on the library.
Q3. What evasion techniques are commonly used in npm supply chain attacks?
A) Techniques include obfuscated JavaScript, environment-aware payload execution (only triggering in production), delayed execution to bypass sandboxing, and conditional logic to avoid detection in security tools or researcher environments.
Q5. How can CI/CD pipelines be hardened against supply chain attacks?
A) Security can be strengthened by enforcing dependency verification, restricting external network calls during builds, using artifact signing, and implementing strict access controls for package publishing and updates.
Get Notified
BLOGS AND RESOURCES
