News · Last updated April 8, 2026

North Korea Hijacked Axios, the npm Package in 80% of Cloud Apps: What Developers Must Do Now

North Korean threat actors compromised Axios v1.14.1 via social engineering, planting a backdoor in an npm package downloaded 100 million times weekly. Here's the full incident breakdown and response.


The security community's worst supply chain nightmare has arrived. On March 31, 2026, a North Korean threat group successfully compromised Axios — the HTTP client library downloaded approximately 100 million times per week and present in an estimated 80% of cloud and enterprise JavaScript environments.

According to Google Cloud's Threat Intelligence team, the actor — tracked as UNC1069 (also known as Sapphire Sleet by Microsoft) — used precision social engineering to deceive an Axios maintainer into merging a malicious dependency called plain-crypto-js into two package versions. The backdoor, identified as WAVESHAPER.V2, was live for approximately three hours before detection, but that window was enough.

What Happened: The Attack Sequence

As reported by TechCrunch, the operation was carefully premeditated — likely weeks in preparation:

  1. Week of March 17: UNC1069 established a credible GitHub identity with a history of legitimate-looking open-source contributions.
  2. March 24-29: The actor engaged Axios maintainer Jason Saayman with several helpful, legitimate pull requests — establishing trust.
  3. March 31, 00:21 UTC: A final pull request containing the malicious plain-crypto-js dependency was merged by the unsuspecting maintainer.
  4. March 31, 00:21–03:20 UTC: Axios versions v1.14.1 and v0.30.4 containing the backdoor were published to npm and downloaded by automated systems globally.
  5. March 31, 03:47 UTC: The npm security team received an alert, confirmed the compromise, and yanked the malicious versions.

The Hacker News reported that approximately 3% of Axios's weekly install base — roughly 3 million downloads — pulled the compromised versions during the exposure window.

What the Backdoor Did

WAVESHAPER.V2 was designed for reconnaissance and credential harvesting, not immediate destruction. Once installed, it:

  • Sent environment variables (including process.env contents) to a command-and-control server over HTTPS
  • Harvested cloud credentials: AWS access keys, service account tokens, API keys stored in environment variables
  • Created a persistent callback mechanism that survived package updates in many CI/CD configurations
  • Targeted build pipeline environments specifically, where privileged credentials are most accessible
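Detection logic for the behaviour described above, added here as an example that is not from the article: it parses constructed CI egress-proxy log lines (the line format, the allowlist and the host names are assumptions) and rolls up, per build runner, the outbound HTTPS connections to hosts outside the allowlist from the moment the compromised versions went live through the end of March 31.

```javascript
// Added example (not from the article): triage CI egress logs for unexpected outbound HTTPS.
// Log line format, allowlist and host names are constructed; adapt LINE_RE and EGRESS_ALLOWLIST.
const EGRESS_ALLOWLIST = new Set(["registry.npmjs.org", "github.com", "api.github.com"]);

// Anything installed after the compromised versions went live could call home later that day.
const WINDOW_START = Date.parse("2026-03-31T00:21:00Z");
const WINDOW_END = Date.parse("2026-04-01T00:00:00Z");

// Constructed format: <ISO timestamp> <runner> CONNECT <ip>:443 host=<sni> bytes_out=<n>
const LINE_RE = /^(\S+) (\S+) CONNECT (\S+):443 host=(\S+) bytes_out=(\d+)$/;

function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null; // lines that do not match the expected format are skipped
  return { ts: Date.parse(m[1]), runner: m[2], ip: m[3], host: m[4], bytesOut: Number(m[5]) };
}

// Connections inside the window to hosts the pipeline is not expected to talk to.
function suspiciousEgress(lines) {
  return lines
    .map(parseLine)
    .filter((e) => e !== null && !Number.isNaN(e.ts))
    .filter((e) => e.ts >= WINDOW_START && e.ts < WINDOW_END && !EGRESS_ALLOWLIST.has(e.host));
}

// One triage entry per flagged runner: distinct unknown hosts, connection count, bytes sent.
function triageByRunner(lines) {
  const byRunner = new Map();
  for (const e of suspiciousEgress(lines)) {
    const r = byRunner.get(e.runner) || { hosts: new Set(), connections: 0, bytesOut: 0 };
    r.hosts.add(e.host); r.connections += 1; r.bytesOut += e.bytesOut;
    byRunner.set(e.runner, r);
  }
  return byRunner;
}

// Constructed sample log: runner-07 contacts an unknown host twice inside the window.
const SAMPLE_LOG = [
  "2026-03-30T23:50:00Z runner-03 CONNECT 203.0.113.5:443 host=registry.npmjs.org bytes_out=1200",
  "2026-03-31T01:05:12Z runner-07 CONNECT 203.0.113.10:443 host=registry.npmjs.org bytes_out=2048",
  "2026-03-31T01:05:40Z runner-07 CONNECT 198.51.100.23:443 host=cdn.unknown-host.invalid bytes_out=48213",
  "2026-03-31T02:17:03Z runner-07 CONNECT 198.51.100.23:443 host=cdn.unknown-host.invalid bytes_out=512",
  "garbage line that does not match the format",
];

for (const [runner, r] of triageByRunner(SAMPLE_LOG)) {
  console.log(`${runner}: ${r.connections} connection(s), ${r.bytesOut} bytes out, hosts=${[...r.hosts].join(",")}`);
}
```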

The attack follows the same cascade pattern as the Trivy supply chain attack that hit EU Commission infrastructure in early April: environment variables in build systems are where the most sensitive credentials live.

Who Is at Risk

If your project uses Axios and your package-lock.json, yarn.lock, or pnpm-lock.yaml resolves to axios@1.14.1 or axios@0.30.4 anywhere in the dependency tree — including transitive dependencies — you should treat your build environment credentials as potentially compromised.

High-risk environments:

  • CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, CircleCI) where secrets are injected as environment variables
  • Docker build environments with mounted credential files
  • Kubernetes clusters where build pods have access to cluster service accounts
  • Development machines with active cloud CLI sessions

Immediate Response Checklist

If you pulled the affected versions:

  1. Rotate all credentials immediately — AWS access keys, API keys, service account tokens, database passwords. Do not just revoke; rotate.
  2. Audit your logs — Check for unexpected outbound HTTPS calls from your build environment to unfamiliar endpoints during March 31.
  3. Scan your lock files — Run grep -r "axios" package-lock.json | grep "1.14.1\|0.30.4" across all repositories.
  4. Force resolution to clean version — Pin axios to 1.14.2 or later in your package.json.
  5. Review merged pull requests — Audit PRs merged in the last 30 days for any that introduce unfamiliar dependencies.
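As an added example that is not part of the article, the following Node.js script performs the lock file check from step 3 by walking the lockfile structure instead of grepping it, so a compromised copy nested under another dependency is found even when the top-level axios pin is clean. The two sample lockfiles are constructed and the script name check-axios.js is an assumption.

```javascript
// Added example (not from the article): list every place an npm lockfile resolves axios to one of
// the two affected versions, transitive copies included. Handles lockfileVersion 1 and 2/3.
const AFFECTED_AXIOS_VERSIONS = new Set(["1.14.1", "0.30.4"]);

function findAffectedAxios(lock) {
  const hits = [];
  if (lock.packages) {
    // v2/v3: flat map keyed by install path, e.g. "node_modules/some-sdk/node_modules/axios"
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/axios") && AFFECTED_AXIOS_VERSIONS.has(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
  } else if (lock.dependencies) {
    // v1: nested tree; rebuild the install path while walking it
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        if (name === "axios" && AFFECTED_AXIOS_VERSIONS.has(meta.version)) hits.push({ path, version: meta.version });
        if (meta.dependencies) walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed samples: clean top-level axios hiding an affected transitive copy (v3);
// affected top-level copy next to a clean nested one (v1).
const SAMPLE_LOCK_V3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { axios: "^1.14.0", "some-sdk": "^2.0.0" } },
    "node_modules/axios": { version: "1.14.2" },
    "node_modules/some-sdk": { version: "2.0.0", dependencies: { axios: "0.30.4" } },
    "node_modules/some-sdk/node_modules/axios": { version: "0.30.4" },
  },
};
const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    axios: { version: "1.14.1" },
    "some-sdk": { version: "2.0.0", dependencies: { axios: { version: "1.14.2" } } },
  },
};

// Real repo: node check-axios.js path/to/package-lock.json (falls back to the v3 sample otherwise)
const target = process.argv[2] ? JSON.parse(require("fs").readFileSync(process.argv[2], "utf8")) : SAMPLE_LOCK_V3;
for (const hit of findAffectedAxios(target)) console.log(`AFFECTED ${hit.path} -> axios@${hit.version}`);
```

Run it once per repository (or per workspace lockfile) and treat any AFFECTED line as the trigger for the credential rotation in step 1.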

Detection using PII and secrets scanning:

# Check if your deployed environment leaks secrets via API responses
# Use GlobalShield API to scan API responses for accidentally exposed credentials
curl -X POST https://apivult.com/api/globalshield/v1/detect \
  -H "X-RapidAPI-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "text": "YOUR_ENVIRONMENT_VARIABLE_VALUES_HERE",
    "detect_types": ["API_KEY", "PASSWORD", "AWS_CREDENTIAL", "SECRET_TOKEN"]
  }'

Use the GlobalShield API to scan your application's API responses and log outputs for accidentally exposed credentials that may have been captured in transit.

The Broader Pattern: Maintainer Trust Attacks

The Axios incident is not isolated. The same April 2026 period saw:

  • LiteLLM compromise (March 31): The widely used LLM proxy framework was backdoored by the same group (TeamPCP), affecting AI companies including Mercor, which confirmed to Fortune that user biometric data was exposed.
  • Trivy supply chain attack (April 3): Security scanning tool AquaSec Trivy was modified to harvest AWS credentials, which were then used to breach EU Commission infrastructure, as reported by Help Net Security.

The common thread: all three attacks targeted developer tooling — the software your team trusts implicitly in build pipelines. The attackers understood that a single compromised developer tool can cascade into thousands of downstream environments.

What This Means for API Security

For teams building or consuming APIs, the Axios attack has specific implications:

API key rotation policy: Any API key that passes through JavaScript/Node.js environments should be considered potentially exposed if your lock files resolved to the compromised Axios versions. This includes RapidAPI keys, Stripe keys, AWS access keys, and any other secrets stored in .env files or CI environment variables.

Dependency monitoring: Adopt a dependency monitoring tool (Dependabot, Snyk, Socket.dev) that alerts when maintainer accounts show unusual activity — not just when new CVEs are published.

Supply chain verification: Enable npm provenance attestation for your published packages and verify attestation when installing critical dependencies.

Credential scanning in pipelines: Add automated secret scanning to your CI/CD pipeline so leaked credentials are caught before they reach production logs.

What Happens Next

The npm security team has published a security advisory. GitHub has suspended the compromised account. Axios maintainers have published v1.14.2 with an audit of the entire recent commit history.

For the security community, the incident confirms what researchers have warned for years: the most dangerous attack surface in modern software development is not your application code — it is the build pipeline that assembles it.

Sources