Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Overview

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering efforts "specifically to me" by first approaching him under the guise of the founder of a

Organisations Involved

The following organisations are mentioned in relation to this incident: Axios Maintainer Led, Google, Google Attributes Axios, Google Threat Intelligence Group, Intel, Intelligence Group.

Multi-Source Coverage

This event has been reported across multiple outlets:

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 — thehackernews
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack — thehackernews

Sources: thehackernews. Aggregated by Cybernews Agency pipeline.

AR-ID	da2a5851-cd3d-435c-93b0-637d87979d80
NEWS-ID	c2a55110-1f79-4d49-8bc8-610b2d11cf5e
Article type	emerging
Categories	none
Quality score	0.9270
Generation timestamp	2026-04-04 19:24 UTC
Publish timestamp	2026-04-05 08:51 UTC
Editor corrections	[{"by": "cn-editor", "note": "passed quality checks", "score": 0.927}]

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

KEY FACTS

Overview

Organisations Involved

Multi-Source Coverage

DEBUG — Testing Information