North Korean Group UNC1069 Behind Axios npm Supply Chain Attack

North Korean Group UNC1069 Behind Axios npm Supply Chain Attack

First seen 1 Apr 2026, 08:31 UTC ThehackernewsFeeds2.FeedburnerScworld 83% similarity 74.0

Article Content

Browse articles
ThreatCluster

On March 31, 2026, a supply chain attack targeting the Axios npm package was attributed to the North Korean cyber group UNC1069. This attack exploited vulnerabilities in the software supply chain, affecting numerous developers and organizations reliant on Axios for their applications. The attack's scope is significant, as it potentially compromises the integrity of software used widely across various sectors. The specific attack vector and tools used by UNC1069 have not been detailed in the articles. Current assessments indicate heightened alertness among organizations using Axios, with ongoing investigations into the full impact of the breach. As of April 1, 2026, Google has confirmed the attribution to UNC1069, emphasizing the need for enhanced security measures in software supply chains. The incident highlights the persistent threat posed by state-sponsored actors in the cybersecurity landscape.

Key Points: • The Axios npm package was targeted in a supply chain attack linked to North Korean group UNC1069. • The attack affects numerous developers and organizations using Axios for their applications. • Google confirmed the attribution to UNC1069, indicating a serious threat to software supply chains.

ThreatCluster AI

Timeline

2026-03-31
Supply chain attack on Axios npm package reported
2026-04-01
Google attributes attack to North Korean group UNC1069

Community

Browse all →