Google researchers have tied a major breach of the Axios JavaScript library to a North Korean hacking group, exposing a vulnerability that affects millions of developers worldwide.
The attack compromised a maintainer account for Axios, a widely downloaded package used to handle web requests in JavaScript applications. Hackers published at least two malicious versions before discovery, each designed to steal credentials from users on Windows, macOS, and Linux systems.
Google's threat intelligence team attributed the intrusion to UNC1069, a group previously known for targeting cryptocurrency and decentralized finance operations. The malicious code remained live for roughly three hours before being removed from npm, the platform where developers download software packages.
The scale of potential exposure is staggering. Security firm Wiz estimates Axios gets downloaded approximately 100 million times weekly and is present in roughly 80% of cloud and code environments. Early scans suggest the poisoned versions reached about 3% of environments monitored by Wiz, though the true scope remains unclear.
John Hultquist, chief analyst at Google Threat Intelligence Group, warned the incident could trigger