DPRK's Sapphire Sleet Backdoors Axios npm Package: 100 Million Weekly Downloads at Risk

North Korea's Sapphire Sleet compromised an axios npm maintainer account on March 31, publishing backdoored versions 1.14.1 and 0.30.4 that delivered a cross-platform RAT during a three-hour exposure window. Axios has approximately 100 million weekly downloads. CISA issued Advisory AA26-110A on April 20: organisations that ran npm installs during the window should treat their CI/CD pipeline as compromised and rotate all secrets immediately.

Tags: #supply-chain #npm #dprk #sapphire-sleet #rat #cisa-advisory #actively-exploited

On March 31 2026, a threat actor compromised the npm account of an axios maintainer and published two backdoored versions: axios 1.14.1 and axios 0.30.4. The malicious versions were live for approximately three hours (00:21–03:15 UTC) before npm’s security team removed them. During that window, a cross-platform remote access trojan was delivered to every system that ran npm install for axios.

CISA issued Advisory AA26-110A on April 20 2026. Microsoft’s Threat Intelligence Center attributed the attack to Sapphire Sleet, a North Korean state-sponsored actor also tracked as BlueNoroff and, independently by Google’s Threat Intelligence Group, as UNC1069.

Technical Details

The backdoored packages contained a postinstall hook that downloaded and executed a staged payload:

  • Windows: PowerShell downloader → obfuscated C++ implant
  • macOS: Shell script → Python-based persistence agent
  • Linux: Shell script → Python RAT with systemd persistence

The deployed RAT provided full shell access, file exfiltration, credential harvesting from browser profiles and credential managers, and comprehensive environment variable extraction, specifically targeting cloud provider credentials (AWS, Azure, GCP), SSH private keys, npm publish tokens, and CI/CD pipeline secrets.

Version         Status                          Exposure window
axios@1.14.1    Malicious                       March 31, 00:21–03:15 UTC
axios@0.30.4    Malicious                       March 31, 00:21–03:15 UTC
axios@1.14.0    Clean (safe rollback target)    none
axios@0.30.3    Clean                           none

Who Is Exposed

Axios has approximately 100 million weekly downloads. It is a dependency, direct or transitive, in virtually every JavaScript-based CI/CD pipeline, containerised application, serverless function, and API client. Exposure is concentrated in organisations whose automated builds:

  • Run npm install without a committed lockfile
  • Install npm packages inside Docker build steps (which do not use lockfiles by default)
  • Have version ranges in package.json matching ^1.14.x or ^0.30.x
  • Ran CI/CD jobs between 00:00–04:00 UTC on March 31 2026

Organisations that use npm ci with a committed package-lock.json that was last updated before March 31 are unlikely to have been affected, because npm ci installs exactly the locked version.

  • Audit CI/CD logs immediately for any axios 1.14.1 or 0.30.4 installs between 00:00–04:00 UTC on March 31 2026: check npm/yarn logs, Docker build logs, and package-lock.json git history.
  • Assume CI/CD pipeline compromise if either version was installed, and rotate all secrets present in that environment: cloud credentials, deployment keys, npm tokens, container registry tokens, and repository access tokens.
  • Revoke and rotate npm publish tokens used in any affected pipeline regardless of scope.
  • Audit downstream artefacts built during and after the exposure window: container images, packages, and deployed applications built from compromised pipelines may contain persistence mechanisms and should be rebuilt from a clean baseline.
  • Enforce npm ci with committed lockfiles in all CI/CD pipelines; this provides the strongest protection against future maintainer compromise attacks.
  • Enable npm package provenance verification and consider mirroring critical dependencies through a private registry with hash pinning.
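One way to carry out the first audit step above, as an added example that is not part of the advisory or of axios itself: a small Node script that flags the two backdoored versions in a package-lock.json (nested v1 and flat v2/v3 formats) and in npm, yarn or Docker build log lines. The lockfile and log excerpt it runs on are constructed samples.

```javascript
// Added example, not from the advisory: flag axios 1.14.1 / 0.30.4 in a
// package-lock.json (v1 nested or v2/v3 flat) and in CI log lines.
const COMPROMISED = new Set(['1.14.1', '0.30.4']);

// Map every installed axios path to its version, whichever lockfile format.
function findAxiosVersions(lock) {
  const found = new Map();
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by on-disk path, nested copies included
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/axios$/.test(path)) found.set(path, meta.version);
    }
    return found;
  }
  // lockfileVersion 1: recursively nested "dependencies" trees
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'axios') found.set(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return found;
}

// Lockfile entries resolving to a backdoored version, as [path, version] pairs.
function compromisedEntries(lock) {
  return [...findAxiosVersions(lock)].filter(([, v]) => COMPROMISED.has(v));
}

// Log lines mentioning a backdoored version, matching both "axios@1.14.1"
// (npm/yarn output) and "axios-1.14.1.tgz" (registry fetch URLs).
function compromisedLogLines(lines) {
  return lines.filter((l) => [...l.matchAll(/axios[@-](\d+\.\d+\.\d+)/g)]
    .some((m) => COMPROMISED.has(m[1])));
}

// Constructed v3 lockfile: clean direct dependency, transitive copy at 1.14.1.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { dependencies: { axios: '^1.14.0' } },
    'node_modules/axios': { version: '1.14.0' },
    'node_modules/some-sdk/node_modules/axios': { version: '1.14.1' },
  },
};
// Constructed CI log excerpt: one backdoored fetch, one clean install.
const sampleLog = [
  'npm http fetch GET 200 https://registry.npmjs.org/axios/-/axios-1.14.1.tgz',
  'added 3 packages: axios@1.14.0',
];
console.log(compromisedEntries(sampleLock), compromisedLogLines(sampleLog));
```

Run it against each pipeline's committed lockfile history and archived build logs; a transitive copy under another package's node_modules is flagged just like a direct dependency.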

Broader Context

Sapphire Sleet has previously operated via fake job interviews, trojanised developer tools, and targeted smaller npm packages. Targeting axios, a package with 100 million weekly downloads, represents a significant escalation in ambition. CISA’s advisory explicitly notes that organisations cannot assume they are unaffected simply because they did not deploy production code from the malicious versions; attackers likely exfiltrated CI/CD secrets that remain valid in deployed infrastructure regardless of whether any application reached production.

This attack follows the maintainer credential compromise pattern seen in multiple DPRK operations. North Korea’s supply chain operations now explicitly target the software delivery pipeline itself, not just end products.
