Black & White Path

Apr 2, 2026 · Information Security

North Korean UNC1069 Hijacks Axios: How a Supply‑Chain Attack Targets Developers

In March 2026, the North Korean hacker group UNC1069 compromised the popular JavaScript HTTP client Axios by injecting a remote‑access trojan into the npm package, exposing millions of developers to a sophisticated supply‑chain attack that lasted nearly three hours before detection.