The same North Korean threat group that deployed AI-generated deepfakes to trick cryptocurrency executives into handing over system access has now pulled off one of the most consequential npm supply chain attacks in recent memory — and the blast radius is enormous.
Google's Threat Intelligence Group (GTIG) has formally attributed the March 31 compromise of the axios npm package to UNC1069, a financially motivated hacking crew with a confirmed North Korea nexus, active since at least 2018.
Between 00:21 and 03:20 UTC on March 31, 2026, the attacker introduced a malicious dependency named "plain-crypto-js" into axios versions 1.14.1 and 0.30.4. Axios is downloaded roughly 100 million times per week and is present in about 80% of cloud and code environments, according to Wiz.
The attack mechanism was surgical. The maintainer account for axios was compromised, with the associated email changed to an attacker-controlled ProtonMail address.
The threat actor then used a postinstall hook inside the malicious dependency to silently execute an obfuscated JavaScript dropper — dubbed SILKBELL — the moment a developer ran npm install. SILKBELL detected the victim's operating system and deployed platform-specific payloads across Windows, macOS, and Linux.
The backdoor delivered in this attack — WAVESHAPER.V2 — is a direct evolution of WAVESHAPER, a malware family Mandiant previously documented in a separate UNC1069 intrusion targeting a FinTech company.
In that earlier attack, the group used a compromised Telegram account, a spoofed Zoom meeting, and a reported AI deepfake of a crypto CEO to trick a victim into running "troubleshooting" commands — ultimately deploying seven unique malware families to harvest credentials, browser data, and session tokens.
"North Korean hackers have deep experience with supply chain attacks, which they've historically used to steal cryptocurrency," GTIG chief analyst John Hultquist said. The connection to prior crypto-targeting operations is not coincidental — it's a deliberate strategic pivot. Where social engineering targets individuals one at a time, poisoning a package with 100 million weekly downloads infects developers at industrial scale.
Mandiant CTO Charles Carmakal warned that secrets stolen through these supply chain attacks "will enable more software supply chain attacks, SaaS environment compromises, ransomware and extortion events, and crypto heists over the next several days, weeks, and months."
If you installed axios recently, act now. Developers who installed axios 1.14.1 or 0.30.4 should treat their system as fully compromised, isolate it from the network, and rotate all credentials — including npm tokens, AWS keys, SSH private keys, cloud credentials, and any values in .env files accessible at install time.
Do not attempt to clean in place; rebuild from a known-good state. Check for the presence of /Library/Caches/com.apple.act.mond (macOS), %PROGRAMDATA%\wt.exe (Windows), or /tmp/ld.py (Linux) as indicators of active compromise.