North Korean threat actors with ties to UNC1069 have seized control of the npm account belonging to the lead maintainer of Axios, a popular npm package with nearly 100 million weekly downloads. The attackers pushed malicious versions containing cross-platform malware dubbed WAVESHAPER.V2, demonstrating how quickly the compromise of a popular package can have ripple effects through the ecosystem.
The incident highlights the growing threat to the developer supply chain, where compromised packages can affect millions of applications and potentially lead to widespread credential theft and system compromises. This attack follows a pattern of North Korean groups targeting critical infrastructure components in the software development ecosystem.
