Bitvise
2026-05-05
Software Tools

Inside the Axios Supply Chain Attack: A Detailed Q&A

A detailed Q&A on the March 2026 supply chain attack targeting the Axios NPM package, involving a compromised maintainer account, the malicious dependency plain-crypto-js, and the WAVESHAPER.V2 backdoor attributed to North Korea-linked UNC1069.

In late March 2026, a sophisticated software supply chain attack targeted the widely used Axios NPM package, compromising versions 1.14.1 and 0.30.4. The attack, attributed to the North Korea–nexus threat actor UNC1069, introduced a malicious dependency named plain-crypto-js that deployed the WAVESHAPER.V2 backdoor. Below, we answer key questions about this incident to help you understand the breach, its mechanics, and how to defend against similar threats.

What exactly happened in the Axios supply chain attack?

On March 31, 2026, between 00:21 and 03:20 UTC, an attacker compromised the maintainer account of the popular JavaScript library Axios. They altered the package's email address to an attacker-controlled one (ifstap@proton.me) and injected a malicious dependency called plain-crypto-js into Axios versions 1.14.1 (for the latest release) and 0.30.4 (for the older branch). Axios is used by millions of projects worldwide, with weekly downloads exceeding 100 million for the main version. The injected dependency acted as a dropper for the WAVESHAPER.V2 backdoor, affecting Windows, macOS, and Linux systems. The attack was quickly identified by Google Threat Intelligence Group (GTIG), but not before the compromised packages were briefly available for download via NPM.

Source: www.mandiant.com

How did the attacker compromise the Axios NPM package?

The attacker gained unauthorized access to the Axios maintainer account on NPM. Once inside, they changed the registered email address to their own (ifstap@proton.me), a key indicator of account takeover. With full control over the package, they added a malicious dependency named plain-crypto-js to the package.json file of both affected versions. To execute the malicious code silently, they abused NPM's postinstall hook, a lifecycle script that runs automatically as soon as the package that declares it is installed. The hook pointed to a script, setup.js, which was obfuscated to evade detection. This technique allowed the attacker to deploy the backdoor on any system that installed or updated Axios, without requiring any user interaction beyond the routine npm install command.

What is the plain-crypto-js package and what does it do?

Plain-crypto-js is the malicious dependency injected into Axios. It serves as a payload delivery vehicle, not a real cryptographic library. The package contains an obfuscated JavaScript dropper named SILKBELL (setup.js, SHA256: e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09). Upon execution via the postinstall hook, the dropper dynamically checks the operating system of the host machine using Node.js built-in modules like os. It then uses custom XOR and Base64 obfuscation to hide the command-and-control (C2) URL and OS-specific commands. After delivering the appropriate backdoor payload, the dropper attempts to delete itself and revert package.json to remove traces of the malicious hook, making forensic analysis more difficult.

What operating system–specific payloads does the dropper deploy?

Once the SILKBELL dropper identifies the target OS, it executes a tailored payload delivery routine. On Windows, the dropper downloads and executes a secondary payload that establishes the WAVESHAPER.V2 backdoor. The exact mechanism varies but typically involves writing a file to disk and using shell commands to achieve persistence. On macOS and Linux, the dropper uses platform-appropriate commands, such as /bin/bash -c or curl for downloads, to fetch and run the same WAVESHAPER.V2 backdoor. The backdoor itself is a cross-platform threat that can persist on infected systems, communicate with remote C2 servers, and carry out commands such as file exfiltration or lateral movement. The use of OS-specific execution paths increases the attack's success rate and makes it harder for generic security tools to detect.


Who is UNC1069 and why is this attack significant?

UNC1069 is a financially motivated threat actor with ties to North Korea, active since at least 2018. The group is known for using the WAVESHAPER backdoor family in past campaigns, often targeting cryptocurrency exchanges, financial institutions, and software supply chains. The reappearance of an updated version, WAVESHAPER.V2, in this Axios attack strongly links the incident to UNC1069. Infrastructure artifacts from this campaign, such as C2 domains and IP addresses, overlap with those used in previous UNC1069 operations. This attack is significant because it demonstrates the group's continued evolution: they now target the NPM ecosystem, a prime vector for reaching thousands of developers and organizations simultaneously. The compromise of a package with over 100 million weekly downloads illustrates the high risk that supply chain attacks pose to the open-source community.

How can defenders detect and mitigate this supply chain attack?

To defend against this specific attack, organizations should immediately check whether they have installed Axios versions 1.14.1 or 0.30.4. If so, treat those systems as compromised: scan for unknown processes, network connections to suspicious domains, and unexpected files such as setup.js. More broadly, defenders should implement strict dependency pinning (use exact versions, not ranges), enable two-factor authentication on all package maintainer accounts, and set up alerts for unusual changes to package.json or to postinstall hooks. Runtime security tools that monitor for unexpected child processes (such as node setup.js spawned during an install) can catch the execution in real time. Additionally, regularly audit NPM dependencies using integrity checking tools, for example npm audit or Software Bill of Materials (SBOM) scanners, to identify known malicious packages. Finally, maintain offline backups of critical code and isolate build environments to limit the blast radius of any future supply chain attacks.
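The first two checks above (compromised Axios versions, presence of plain-crypto-js, and dependencies that declare install-time hooks) can be automated against a project's package-lock.json. The following is an added example written for this Q&A, not code from the article or from Mandiant; the lockfile it scans is constructed inline, and the version string given to plain-crypto-js is a placeholder, not a real published version.

```javascript
// Audit a lockfileVersion 2/3 package-lock.json for the indicators discussed above.
// Only the axios versions and the dependency name come from the article; the
// sample lockfile below is constructed for illustration.
const COMPROMISED_AXIOS = new Set(["1.14.1", "0.30.4"]);
const MALICIOUS_DEPS = new Set(["plain-crypto-js"]);

// Derive the package name from a lockfile path such as
// "node_modules/axios" or "node_modules/a/node_modules/@scope/b".
function nameFromPath(path) {
  const marker = "node_modules/";
  return path.slice(path.lastIndexOf(marker) + marker.length);
}

// Walk the "packages" map and return every finding: a compromised axios
// version, a known-malicious dependency, and any dependency whose lockfile
// entry records an install-time script (npm sets hasInstallScript for
// packages with preinstall/install/postinstall hooks).
function auditLockfile(lockJson) {
  const lock = JSON.parse(lockJson);
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project entry
    const name = meta.name || nameFromPath(path);
    if (name === "axios" && COMPROMISED_AXIOS.has(meta.version)) {
      findings.push({ path, name, reason: `compromised axios version ${meta.version}` });
    }
    if (MALICIOUS_DEPS.has(name)) {
      findings.push({ path, name, reason: "known malicious dependency" });
    }
    if (meta.hasInstallScript) {
      findings.push({ path, name, reason: "declares install-time script; inspect postinstall" });
    }
  }
  return findings;
}

// Given an installed dependency's package.json, return its postinstall
// command (or null) so the hook can be reviewed before it ever runs.
function postinstallOf(pkgJson) {
  const scripts = JSON.parse(pkgJson).scripts || {};
  return scripts.postinstall || null;
}

// Constructed sample lockfile mirroring the shape of the Axios incident.
const SAMPLE_LOCK = JSON.stringify({
  name: "demo-app", lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { axios: "1.14.1" } },
    "node_modules/axios": { version: "1.14.1", dependencies: { "plain-crypto-js": "*" } },
    "node_modules/plain-crypto-js": { version: "0.0.0-placeholder", hasInstallScript: true },
    "node_modules/follow-redirects": { version: "1.15.0" },
  },
});
console.log(auditLockfile(SAMPLE_LOCK));
```

Running the script against a real lockfile means replacing SAMPLE_LOCK with the file contents; an empty findings array is the expected result for an unaffected project.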