NPM Supply Chain Attack: UNC1069 Uses Social Engineering to Compromise Axios

A highly-targeted social engineering campaign has been revealed as the cause of the supply chain compromise of the Axios npm package, with the maintainer confirming the attack was orchestrated by North Korean threat actors known as UNC1069.

According to Axios maintainer Jason Saayman, the attackers specifically tailored their social engineering efforts to target him, initially approaching him under the guise of the founder of a company.

The incident highlights the increasing use of social engineering tactics by threat actors to gain access to sensitive systems and compromise supply chains, emphasizing the need for increased vigilance and security measures to prevent such attacks.

The attack on Axios is a significant concern, given the package’s widespread use in the development community, and serves as a reminder of the importance of verifying the authenticity of interactions and being cautious when dealing with unfamiliar or suspicious requests.

As the threat landscape continues to evolve, it is essential for developers and maintainers to be aware of the risks associated with social engineering and to take proactive steps to protect themselves and their projects from such attacks.

Further information about the attack can be found at https://thehackernews.com/2026/04/unc1069-social-engineering-of-axios.html, which provides additional details on the incident and the tactics used by the UNC1069 threat actors.

Source: Original Article

Press ESC to close

Share Article:

Tarang Parmar

Cookie-Controlled PHP Web Shells: A New Threat to Linux Servers

China-Linked TA416 Targets European Governments with Sophisticated Malware and Phishing Campaigns