Mandiant says UNC1069 compromised the axios NPM package and deployed WAVESHAPER.V2; John Hultquist attributes it to UNC1069 and notes DPRK targets crypto; BleepingComputer ties a Trivy-linked dev breach to stolen Cisco source code; Giuseppe N3mes1s shares confirmed attacker domains; vx-underground riffs on the incident and its fallout.
North Korea-nexus actor UNC1069 compromised the "axios" NPM package (v1.14.1 & 0.30.4), deploying the WAVESHAPER.V2 backdoor across Windows, macOS, and Linux.
we’ve attributed it to UNC1069, a suspected DPRK actor
Cisco source code stolen in Trivy-linked dev environment breach
Keep pushing the pivots of the axios supply chain compromise
Big shenanigans on the internet today as Threat Researchers speperhypothulate that the Threat Actor responsible for the Axios supply chain attack
The Huntress SOC is currently tracking a sophisticated supply chain attack targeting the popular axios npm package.
Axios Supply Chain Update
We are attributing the incident to a suspected North Korean threat actor we track as UNC1069.
You are affected by this if these two things are true:
Imagine compromising an npm package and not even making a wormy boi.