A North Korean supply chain attack has compromised the popular Axios npm package — one of the most downloaded JavaScript HTTP libraries in the world — after a threat actor used a long-lived NPM access token to bypass the project's GitHub Actions OIDC-based CI/CD pipeline and publish backdoored package versions.
The attack, reported by SecurityWeek and attributed by Google's Threat Intelligence Group (GTIG) to the North Korean-linked cluster UNC1069, follows a pattern of DPRK-affiliated groups targeting developer tooling as a high-value entry point into software supply chains.
What Happened
Attackers obtained a long-lived NPM publish token — a legacy credential that pre-dates the project's adoption of the more secure GitHub Actions OIDC-based publishing workflow. By using this older token, they were able to publish new, backdoored versions of Axios directly to the npm registry without triggering the modern CI/CD controls the project had implemented.
The compromised token gave the attackers a path around the project's security improvements, highlighting a critical gap: legacy credentials remain valid even after newer, more secure publishing mechanisms are put in place.
| Attack Detail | Value |
|---|---|
| Target Package | axios (npm) |
| Attack Vector | Long-lived NPM access token |
| CI/CD Bypass Method | Bypassed GitHub Actions OIDC workflow |
| Attributed Threat Actor | UNC1069 (North Korea-linked) |
| Motivation | Financial — credential/secret theft from developer environments |
The Token Bypass Technique
Modern npm publishing best practices recommend using GitHub Actions OIDC tokens for publishing, which are short-lived, scoped, and tied to specific GitHub Actions workflow runs. These tokens cannot be reused outside of the specific workflow context that generated them.
However, many npm packages — especially long-standing ones — have grandfathered legacy publish tokens created before OIDC support existed. These tokens:
- Are long-lived with no automatic expiry
- Are not tied to any specific workflow or deployment pipeline
- Can be used from anywhere — not just GitHub Actions runners
- Are often stored in CI/CD secrets but are rarely audited or rotated
An attacker who obtains such a token can publish any version of the package at will, regardless of what security controls the project has added to its repository or CI/CD pipeline.
Why Axios Is a Critical Target
Axios is one of the most depended-upon packages in the entire npm ecosystem:
- Consistently ranks in the top 5 most downloaded npm packages with hundreds of millions of weekly downloads
- Used in React, Vue, Angular, Svelte, and virtually every major JavaScript framework
- Integrated as a transitive dependency in thousands of other packages
- Part of default scaffolding in Create React App, Next.js, Nuxt, and many more
- Automatically installed in CI/CD pipelines during build processes
Compromising Axios means that any developer, CI/CD runner, or build system that executes npm install against a lockfile referencing the backdoored version will silently install the malicious payload. In CI/CD contexts, this gives attackers access to environment secrets, cloud credentials, and deployment keys.
North Korean Supply Chain Targeting
Google's Threat Intelligence Group formally attributed this attack to UNC1069, a North Korean threat cluster with a history of financially motivated attacks against software developers, cryptocurrency platforms, and technology companies.
UNC1069 and related DPRK-affiliated groups have demonstrated a consistent strategy of:
- Targeting developer credentials — NPM tokens, GitHub tokens, SSH keys
- Poisoning the supply chain — injecting malicious code into packages used by target organisations
- Focusing on cryptocurrency and fintech — maximising financial returns from compromised developer environments
- Using social engineering as an entry point — fake job offers, trojanised interview assessments, and developer tool lures
This attack fits the established pattern: compromise a widely used developer tool to gain broad, automated access to developer machines and CI/CD infrastructure across thousands of organisations simultaneously.
Immediate Response
1. Audit Your Axios Version
```bash
# Check currently installed axios version
npm list axios
# Check across the full dependency tree
npm ls axios --all 2>/dev/null
# Verify against package-lock.json
grep -A2 '"axios"' package-lock.json | head -20
```
2. Verify Package Integrity
```bash
# Use npm audit to flag any known issues
npm audit
# Verify the published package signature (npm 9+)
npm audit signatures
# Check the npm registry for the current trusted version
npm view axios dist-tags
```
3. Rotate Secrets if Affected
If your environment installed a backdoored version:
```bash
# Immediately rotate all secrets in the affected environment:
# - NPM tokens
# - GitHub/GitLab personal access tokens
# - Cloud provider credentials (AWS, GCP, Azure)
# - Database connection strings
# - API keys stored in environment variables
# Revoke npm tokens via CLI
npm token list
npm token revoke <token-id>
```
4. Harden Your npm Publishing Pipeline
For package maintainers, this incident illustrates the importance of:
```bash
# Audit all existing npm publish tokens and revoke legacy ones
npm token list
npm token revoke <old-token-id>
# Enable npm Provenance (links published packages to source repo and CI)
# In package.json:
# "publishConfig": { "provenance": true }
# Enforce OIDC-only publishing via GitHub Actions
# Ensure no long-lived tokens remain in repository secrets
```
The Broader Pattern: DPRK Developer Tooling Attacks
This incident is part of a sustained campaign by North Korean threat actors targeting the software development ecosystem:
| Incident | Method | Target |
|---|---|---|
| Axios (this attack) | Legacy NPM token | npm ecosystem |
| UNC1069 fake Zoom | Trojanised installer | Crypto developers |
| Lazarus GraphAlgo | Malicious npm/PyPI packages | Blockchain developers |
| UNC4899 airdrop | Trojanised crypto tools | DeFi developers |
| Notepad++ supply chain | China APT CDN injection | Windows developers |
The common thread: attacking the tools developers trust to gain persistent, automated access to development environments and the secrets they contain.
Key Takeaways for Security Teams
- Audit and rotate all npm publish tokens — legacy tokens are a significant attack surface
- Enable npm Provenance for packages your organisation maintains
- Use `npm ci` (not `npm install`) in CI/CD pipelines to enforce lockfile integrity
- Monitor dependency updates for unexpected version bumps in high-trust packages
- Treat CI/CD environments as privileged systems — the secrets they hold are as valuable as production credentials
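The lockfile check from the Immediate Response steps and the lockfile-integrity takeaway above, carried a step further as an added example (not code from the SecurityWeek report or the axios project): a Node.js script that walks package-lock.json and reports every copy of a package, including nested copies under transitive dependencies that a quick grep or `npm list` can miss, flagging any version on a block list or any entry without an integrity hash. The sample lockfile, its version numbers and the block list are constructed placeholders, not the real compromised releases.

```javascript
// Added example: enumerate every copy of a package in package-lock.json,
// for lockfileVersion 1 (nested "dependencies") and 2/3 (flat "packages"
// map keyed by path). All versions below are constructed placeholders.
function findPackageVersions(lock, name) {
  const hits = [];
  const record = (path, entry) =>
    hits.push({ path, version: entry.version, integrity: entry.integrity || null });
  if (lock.packages) {
    // v2/v3 keys: "node_modules/axios", "node_modules/x/node_modules/axios"
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
        record(path, entry);
      }
    }
  } else if (lock.dependencies) {
    // v1: each entry may carry its own nested "dependencies" object
    const walk = (deps, prefix) => {
      for (const [dep, entry] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${dep}`;
        if (dep === name) record(path, entry);
        if (entry.dependencies) walk(entry.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}
// Flag a copy if its version is on the block list or it has no integrity
// hash (without one, `npm ci` cannot verify the tarball it installs).
function auditLock(lock, name, badVersions) {
  return findPackageVersions(lock, name).map((h) => ({
    ...h,
    flagged: badVersions.includes(h.version) || h.integrity === null,
  }));
}
// Constructed v3 lockfile: a clean top-level copy plus a nested copy pulled
// in by a transitive dependency that also lacks an integrity field.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', version: '1.0.0' },
    'node_modules/axios': { version: '1.2.3', integrity: 'sha512-PLACEHOLDER' },
    'node_modules/some-sdk': { version: '2.0.0', integrity: 'sha512-PLACEHOLDER' },
    'node_modules/some-sdk/node_modules/axios': { version: '9.9.9' },
  },
};
const BAD_VERSIONS = ['9.9.9']; // placeholder, not the real bad releases
console.log(auditLock(SAMPLE_LOCK, 'axios', BAD_VERSIONS));
```

To run it against a real project, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` and BAD_VERSIONS with the versions named in the advisory.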
Source: SecurityWeek — April 1, 2026