吴说区块链|Apr 01, 2026 12:10
Google Threat Intelligence Group (GTIG) disclosed a supply chain attack targeting axios. Between March 31, 2026, 00:21 and 03:20 UTC, attackers injected a malicious dependency, “plain-crypto-js,” into axios NPM versions 1.14.1 and 0.30.4. Through the postinstall script, an obfuscated setup.js was executed to deploy the WAVESHAPER.V2 backdoor. This affected Windows, macOS, and Linux systems, enabling capabilities like data collection, command execution, and file traversal. Communication was established via C2 (sfrclak[.]com / 142 11 206 73). GTIG attributed this attack to the North Korean-linked group UNC1069, active since 2018, based on WAVESHAPER.V2 usage and overlapping infrastructure. The incident stemmed from a compromised axios maintainer account, which was used to tamper with dependency configurations. Officials recommend avoiding the affected versions, auditing dependencies, isolating impacted systems, and rotating credentials.
https://(wublock123.com)/news/google-attributes-axios-supply-chain-attack-to-north-korea-unc1069-malicious-deps-cross-platform-backdoor-58962
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink