What Happened to Axios — and Why It Matters Beyond npm
Axios is one of the most downloaded JavaScript packages on the internet, recording over 50 million weekly downloads on npm. In May 2025, its maintainers published a detailed post-mortem confirming that a North Korean threat actor had successfully compromised the account of one of its developers through a targeted social engineering campaign. The attacker did not exploit a code vulnerability. They exploited a person.

The method was deceptively straightforward. The developer received what appeared to be a Microsoft Teams error message — a fake troubleshooting prompt designed to trick them into running a malicious script. Once executed, the script handed over account credentials, giving the attacker authenticated access to the Axios npm account. From there, the attacker published a backdoored version of the package.

This is not a story about a misconfigured server or an unpatched system. It is a story about how nation-state actors now routinely target the maintainers of open-source software as a vector to reach the millions of downstream applications that depend on those packages. If your business runs Node.js applications — or any software with a dependency tree that touches npm — this incident is directly relevant to your risk posture.
How Did a Fake Teams Error Message Become a Supply Chain Weapon?
The technique used against the Axios maintainer belongs to a category of attacks security researchers have attributed to North Korean threat clusters, particularly groups operating under the Lazarus umbrella. These actors have refined a playbook that combines social engineering with developer-specific lures — fake job offers, fabricated onboarding documents, and, as seen here, spoofed application error messages.

The fake Teams error prompt is particularly effective because it exploits a reflex that developers have built up over years: when something breaks, you run a fix. The attacker crafts a message that mimics a legitimate error dialogue, instructs the victim to paste a command into their terminal to resolve it, and waits. The command installs a remote access tool or harvests credentials silently in the background.

What makes this variant dangerous is the context. The target is not a random employee — they are a trusted maintainer with publish rights to a package used by millions. The attacker is not after this one developer's laptop. They are after the package registry account sitting behind it.

According to reporting by BleepingComputer, the Axios maintainers confirmed the attack followed this pattern and attributed the campaign to North Korean state-sponsored actors, consistent with a broader pattern of software supply chain intrusions the US government has publicly linked to Pyongyang-backed groups since at least 2022.
Why Open-Source Maintainers Are High-Value Targets
The Axios incident fits a pattern that security teams should understand clearly. Open-source maintainers sit at a unique intersection: they have trusted access to widely distributed software, they often work independently or in small volunteer teams, and they typically operate without the security controls that enterprise employees work under. There is no SOC monitoring their endpoints. There is no email gateway flagging suspicious messages. There is no mandatory hardware token enforcing multi-factor authentication on their npm account.

The attacker knows this. Targeting a maintainer gives a threat actor access to an unsigned cheque — the ability to push malicious code to a package that will be silently consumed by automated build pipelines across thousands of organisations.

The numbers illustrate the exposure. A successful supply chain attack through a popular npm package can reach downstream applications within hours of publication, before any security advisory is issued. The SolarWinds compromise in 2020 and the XZ Utils backdoor discovered in 2024 both followed a similar logic: compromise the source, poison the supply.

For organisations that consume open-source dependencies — which is effectively every organisation running modern software — the question is not whether their developers might be targeted. It is whether they have the visibility to detect when a dependency they trust has been tampered with.
What Security Controls Were Missing?
The Axios post-mortem is useful precisely because it is honest. The maintainers identified several control gaps that the attacker exploited. Examining those gaps tells security teams what to prioritise.

First, account security on the npm registry itself. Publishing rights to a package of Axios's scale should require hardware-backed multi-factor authentication as a minimum. npm has supported this for years. If the maintainer's account fell to a credential-harvesting script, MFA was either absent or implemented via a method the attacker could bypass.

Second, endpoint protection on developer machines. The malicious script executed on the developer's own workstation. An endpoint detection and response solution capable of behavioural analysis — rather than simple signature matching — should flag and block the execution of a script that immediately begins exfiltrating credentials or establishing an outbound connection to a command-and-control server.

Third, supply chain monitoring. Once the backdoored package was published, organisations consuming Axios had a window of exposure before the incident was disclosed. Continuous monitoring of third-party dependencies for unexpected version changes, new maintainers, or anomalous package behaviour would have shortened that window materially.

Fourth, and most commonly overlooked: there was no third-party risk process applied to the open-source packages themselves. Most organisations apply supplier risk management to contracted vendors but treat their npm dependency tree as inherently trustworthy. The Axios incident demonstrates that open-source maintainer accounts carry supply chain risk in exactly the same way a SaaS vendor does.
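A minimal version of the dependency monitoring described under the third control, added here as an example and not code from the Axios project or this post: it compares a package-lock.json-shaped lockfile against an approved baseline and a registry metadata snapshot (the shape `npm view <pkg> --json` returns), flagging version drift from the pinned version, a missing integrity hash, a maintainer account not in the baseline, and a version published too recently to have been reviewed. The package versions and account names in the sample data are constructed placeholders; the 72-hour review window is an assumed policy value.

```javascript
// Added example (not the Axios project's code): a dependency drift check of the kind the
// text calls "continuous monitoring of third-party dependencies". Inputs: a lockfile in
// package-lock.json v2/v3 shape, an approved baseline {name: {version, maintainers}}, and
// registry metadata per package in the shape of `npm view <pkg> --json` (maintainers, time).
function checkDependencies(lock, baseline, registry, opts = {}) {
  const minAgeHours = opts.minAgeHours ?? 72; // assumed policy: younger versions are "too new"
  const now = opts.now ? new Date(opts.now) : new Date();
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project entry, not a dependency
    const name = path.replace(/^.*node_modules\//, "");
    const approved = baseline[name];
    if (!approved) { findings.push({ pkg: name, issue: "not-in-baseline", detail: entry.version }); continue; }
    if (entry.version !== approved.version) {
      findings.push({ pkg: name, issue: "version-drift", detail: `${approved.version} -> ${entry.version}` });
    }
    if (!entry.integrity) { // no subresource hash: the tarball cannot be verified at install time
      findings.push({ pkg: name, issue: "missing-integrity", detail: entry.version });
    }
    const meta = registry[name];
    if (!meta) continue; // no registry snapshot for this package
    const known = new Set(approved.maintainers || []);
    for (const m of meta.maintainers || []) { // publish rights held by an unexpected account
      if (!known.has(m.name)) findings.push({ pkg: name, issue: "new-maintainer", detail: m.name });
    }
    const published = meta.time && meta.time[entry.version];
    if (published) { // a freshly published version has had no time for community review
      const ageHours = (now - new Date(published)) / 36e5;
      if (ageHours < minAgeHours) findings.push({ pkg: name, issue: "too-new", detail: `${ageHours.toFixed(1)}h old` });
    }
  }
  return findings;
}
// Constructed sample data: hypothetical versions and account names, not real registry records.
const SAMPLE_LOCK = { packages: {
  "": { name: "demo-app" },
  "node_modules/axios": { version: "1.2.4", integrity: "sha512-CONSTRUCTED" },
  "node_modules/demo-util": { version: "1.3.0" } } };
const SAMPLE_BASELINE = {
  axios: { version: "1.2.3", maintainers: ["maintainer-a"] },
  "demo-util": { version: "1.3.0", maintainers: ["maintainer-b"] } };
const SAMPLE_REGISTRY = { axios: {
  maintainers: [{ name: "maintainer-a" }, { name: "unknown-account" }],
  time: { "1.2.4": "2025-05-01T10:00:00Z" } } };
function runSampleCheck() { // yields four findings: drift, new maintainer and too-new for axios, missing integrity for demo-util
  return checkDependencies(SAMPLE_LOCK, SAMPLE_BASELINE, SAMPLE_REGISTRY,
    { now: "2025-05-02T10:00:00Z", minAgeHours: 72 });
}
```

In a pipeline the lockfile would be read from disk and the registry snapshot refreshed on a schedule, with any finding failing the build until a human has reviewed it.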
What This Means for UK and New Zealand Businesses
Software supply chain attacks are not the exclusive concern of large enterprises or government agencies. Any business that runs a web application, uses a JavaScript framework, or relies on automated build pipelines is exposed to this class of threat. For UK businesses, the National Cyber Security Centre has explicitly identified software supply chain compromise as a tier-one threat in its annual Cyber Threat Report. For New Zealand and Australian organisations, the Australian Cyber Security Centre's guidance on software supply chain risk, updated in 2023, sets out similar warnings and recommends dependency integrity verification as a baseline control.

The practical implication: if your development team pulls packages from npm, PyPI, or similar registries without automated integrity checks, version pinning, or third-party risk monitoring, you are implicitly trusting that every maintainer of every dependency in your tree has not been socially engineered by a nation-state actor. That is not a reasonable assumption in 2025.

The Axios incident also reinforces something broader about social engineering. The developer who was targeted did not make a naive mistake — they responded to what appeared to be a routine, familiar prompt. The sophistication of North Korean social engineering campaigns has increased substantially since 2022, with the Mandiant and Microsoft threat intelligence teams both documenting a shift toward developer-specific lures and identity-based attacks rather than mass phishing.
How to Protect Your Business from Supply Chain Social Engineering
Two products from the Kyanite Blue stack address the specific threat vectors the Axios incident exposed. The first is Panorays, our third-party supply chain risk management platform. Panorays extends the logic of vendor risk management to cover the full supplier ecosystem — including the implicit suppliers represented by open-source dependencies. For development-heavy organisations, Panorays provides continuous monitoring of third-party risk signals, alerting security teams when a package's trust profile changes unexpectedly. This is the control that would have shortened the exposure window after the backdoored Axios version was published. Learn more about Panorays at /products/panorays.

The second is Coro, which covers email and endpoint security for UK-based businesses. The attack vector here was a social engineering message that prompted the developer to execute a malicious script on their workstation. Coro's endpoint protection component uses behavioural detection to identify and block exactly this type of post-execution activity — credential scraping, unusual outbound connections, and script-based lateral movement — before the damage is done. For NZ and Australian businesses, ESET's enterprise endpoint protection provides equivalent behavioural analysis capability at the device level. Find out more at /products/coro or /products/eset.

For organisations that want a clear picture of their current attack surface exposure — including third-party risk gaps and unmonitored dependency chains — Hadrian provides continuous, AI-driven attack surface management. Hadrian maps what is visible to an attacker and flags the paths most likely to be exploited, including third-party integrations that carry hidden risk. Details at /products/hadrian.

If you are unsure how exposed your business is to supply chain compromise or developer-targeted social engineering, start with a free security assessment. Our team at Kyanite Blue Labs can review your current posture and identify the specific gaps most relevant to your environment. Get in touch at /contact or check your data exfiltration risk in two minutes at /data-exfiltration-risk.
Frequently Asked Questions
How did North Korean hackers compromise the Axios npm package?
North Korean threat actors targeted an Axios maintainer using a fake Microsoft Teams error message that prompted them to run a malicious script. The script harvested the developer's credentials, giving attackers access to the Axios npm account. They then published a backdoored version of the package, exposing millions of downstream applications. The attack relied on social engineering rather than a technical vulnerability in the Axios codebase itself.
How can businesses protect themselves from npm supply chain attacks?
Businesses should enforce hardware-backed MFA on all package registry accounts, use endpoint detection tools that identify malicious script execution behaviourally rather than by signature, pin dependency versions in build pipelines, and apply continuous third-party risk monitoring to open-source packages. Third-party supply chain risk platforms like Panorays extend vendor risk management to cover open-source dependency exposure automatically.
Are open-source supply chain attacks increasing?
Yes. The SolarWinds attack in 2020, the XZ Utils backdoor in 2024, and the Axios npm compromise in 2025 all follow the same logic: target the source to poison the supply. The UK NCSC and Australia's ACSC both identify software supply chain compromise as a tier-one threat. Nation-state actors, particularly North Korean groups, have substantially increased the sophistication of their developer-targeted campaigns since 2022.