The Axios npm Supply Chain Compromise: A North Korean APT's Bold Move

On March 31, 2026, the North Korean state actor Sapphire Sleet compromised Axios npm packages, injecting malware that deployed RATs on developer machines worldwide. Here's what happened and how to stay safe.

On March 31, 2026, two malicious versions of the popular HTTP client library Axios were published to npm. Axios is downloaded over 70 million times per week, making it a high-value target for threat actors. The compromised versions (1.14.1 and 0.30.4) contained a hidden malicious dependency that downloaded a second-stage remote access trojan (RAT) from a North Korean-controlled command-and-control server.

Microsoft Threat Intelligence attributed this attack to Sapphire Sleet, a North Korean state-sponsored group known for targeting financial and cryptocurrency organizations.

Attack vector: silent dependency injection

The attackers used a sophisticated technique:

  1. They created a malicious npm package, plain-crypto-js, containing a post-install script (setup.js).
  2. They first seeded a clean version of plain-crypto-js to build a publishing history and avoid suspicion.
  3. Then they published two Axios updates (1.14.1 and 0.30.4) that added plain-crypto-js@^4.2.1 as a dependency without modifying Axios source code.
  4. The dependency’s post-install hook executed automatically during npm install or npm update, downloading the second-stage RAT.

Crucially, the malicious code never ran as part of the Axios library itself — it only existed in the dependency’s install script. This meant that normal application behavior remained unchanged while the malware quietly installed.

Multi-platform RAT deployment

The RAT payload was delivered to Windows, macOS, and Linux systems, with platform-specific stagers:

  • Windows: VBScript stager → PowerShell RAT (6202033.ps1) → Persistence via %PROGRAMDATA%\wt.exe and registry Run key.
  • macOS: AppleScript drops native binary to /Library/Caches/com.apple.act.mond.
  • Linux/Other: Python payload /tmp/ld.py launched via nohup.

All platforms communicated with the same C2 endpoint: hxxp://sfrclak[.]com:8000/6202033 (IP: 142.11.206.73, Hostwinds VPS).

The RAT collected system information, maintained persistence, and allowed the threat actor to execute arbitrary commands, enumerate files, inject additional payloads, and terminate on demand.

Why this was so dangerous

  • Scale: With 70M+ weekly downloads, even a fraction of users installing the malicious version affected hundreds of thousands of developer machines and CI/CD pipelines.
  • Stealth: The attack left minimal on-disk artifacts; the loader deleted itself after execution, and the manifest was replaced with a clean-looking package.json.
  • Trust: Axios is a staple in the JavaScript ecosystem. Many projects depend on it directly or transitively, making it a perfect supply chain vector.
  • Financial motive: Sapphire Sleet is known for targeting cryptocurrency wallets and financial institutions. Compromising developer workstations gives access to credentials that can lead to high-value theft.

Who is Sapphire Sleet?

Sapphire Sleet (also tracked as UNC1069, STARDUST CHOLLIMA, Alluring Pisces, BlueNoroff, CageyChameleon, CryptoCore) is a North Korean state-sponsored threat actor active since at least 2020. Their primary focus is the financial sector — cryptocurrency, venture capital, blockchain — with the goal of generating revenue for the regime.

They are known for:

  • Social engineering via LinkedIn
  • Malicious links disguised as legitimate services
  • Using cloud storage (OneDrive, Google Drive) for payload hosting
  • Sophisticated, multi-stage attacks

Mitigation steps

If you or your organization use Axios:

  1. Immediately downgrade to safe versions:
  2. Remove ^ and ~ from your package.json — use exact versions to prevent auto-updates.
  3. Clean npm cache: npm cache clean --force.
  4. Scan for compromised versions:
  5. Rotate all secrets that may have been exposed on affected systems.
  6. Review network logs for outbound connections to sfrclak.com:8000 or 142.11.206.73.
  7. Consider disabling postinstall scripts in production environments (npm ci --ignore-scripts).
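The following is an added example, not code from the original post or from the Axios project: a small Node.js audit that applies steps 2 and 4 above (and the attack vector section) to a project's package.json and the "packages" map of a v2/v3 package-lock.json. It flags unpinned ranges, the two compromised Axios versions, any plain-crypto-js entry, and every package npm marks with hasInstallScript, which is where the stager ran. The sample manifests are constructed.

```javascript
// Indicators from the post: the two bad Axios releases, and the injected
// dependency (null = any version of it is a finding).
const COMPROMISED = new Map([
  ['axios', new Set(['1.14.1', '0.30.4'])],
  ['plain-crypto-js', null],
]);
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[\w.]+)?$/;

function auditProject(pkgJson, lock) {
  const findings = [];
  // 1. Anything other than an exact version (^, ~, >=, *, ...) lets a
  //    routine npm install/update pull in a newly published bad release.
  for (const field of ['dependencies', 'devDependencies']) {
    for (const [name, range] of Object.entries(pkgJson[field] || {})) {
      if (!EXACT_VERSION.test(range)) {
        findings.push({ kind: 'unpinned-range', name, detail: range });
      }
    }
  }
  // 2. Resolved versions: lockfile keys look like "node_modules/<name>",
  //    possibly nested ("node_modules/a/node_modules/<name>").
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry
    const name = path.slice(path.lastIndexOf('node_modules/') + 'node_modules/'.length);
    const bad = COMPROMISED.get(name);
    if (bad === null || (bad instanceof Set && bad.has(meta.version))) {
      findings.push({ kind: 'compromised-version', name, detail: meta.version });
    }
    // 3. npm records install hooks in the lockfile; that hook is what
    //    executed setup.js without any change to Axios itself.
    if (meta.hasInstallScript) {
      findings.push({ kind: 'install-script', name, detail: meta.version });
    }
  }
  return findings;
}

// Constructed sample: a project that floated axios and picked up the bad release.
const samplePkg = { dependencies: { axios: '^1.14.0', express: '4.19.2' } };
const sampleLock = {
  packages: {
    '': { name: 'demo' },
    'node_modules/axios': { version: '1.14.1', dependencies: { 'plain-crypto-js': '^4.2.1' } },
    'node_modules/plain-crypto-js': { version: '4.2.1', hasInstallScript: true },
    'node_modules/express': { version: '4.19.2' },
  },
};

for (const f of auditProject(samplePkg, sampleLock)) console.log(f.kind, f.name, f.detail);
```

Run it against a real project by loading package.json and package-lock.json with JSON.parse in place of the two sample objects.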

Long-term defenses

  • Enable Trusted Publishing with OIDC to eliminate stored npm credentials.
  • Use private npm registries with vulnerability scanning.
  • Implement automated dependency scanning (e.g., Dependabot, Snyk) with alerts on new releases.
  • Pin critical dependencies and require manual review for upgrades.
  • Educate developers about the risks of auto-updating dependencies from untrusted publishers.

Sources

  • Microsoft Security Blog: “Mitigating the Axios npm supply chain compromise” (April 1, 2026)
  • Huntress: Axios compromise impact analysis
  • SANS Internet Storm Center
  • Datadog Security Labs

Note: This incident underscores that software supply chains are critical infrastructure. Even the most trusted libraries can become weapons in the hands of sophisticated adversaries. Stay vigilant.

Update (Apr 22, 2026): Just three weeks after this Axios compromise, a new self-spreading npm worm dubbed CanisterWorm has emerged, demonstrating that supply chain attacks are evolving from isolated incidents to automated, viral threats. The ecosystem remains under active siege.
