Hashtag
#unc1069

UNC1069 turns Axios into an espionage vector: WAVESHAPER.V2 hits the npm supply chain
the blog: insicurezzadigitale.com/unc1069-tras...

#cybersecurity #apt #coreadelnord #cybercrime #npm #sapphiresleet #supplychain #unc1069 #waveshaper

Examining the Blast Radius from the Axios npm Supply Chain Compromise
Two backdoored Axios npm releases ([email protected] and [email protected]) were published from a compromised maintainer account and, during a roughly three‑hour window, introduced a malicious dependency that installed a cross‑platform RAT via a postinstall hook. The campaign, attributed to UNC1069, deployed SILKBELL to fetch the WAVESHAPER RAT and led to detections across Windows and macOS with 19 affected eSentire customers; #WAVESHAPER #UNC1069

Two Axios npm releases were compromised for about three hours, injecting a malicious dependency that installed the WAVESHAPER RAT via a postinstall hook, impacting Windows and macOS systems. #UNC1069 #SupplyChain #USA


"The Axios Breach: When npm Trust Becomes an APT Attack Vector" published by PolySwarm. #Axios, #NPM, #UNC1069, #DPRK, #CTI blog.polyswarm.io/the-axios-breach-when-np...


"Advisory on DPRK (UNC1069) Fake Microsoft Teams and Zoom calls" published by SecurityAlliance. #UNC1069, #DPRK, #CTI radar.securityalliance.org/advisory-on-dprk-unc1069...

Node.js Maintainers Targeted by DPRK

~Socket~
DPRK actor UNC1069 is targeting high-impact npm maintainers via fake meetings to deploy RATs and hijack packages.
-
IOCs: teams. onlivemeet. com, WAVESHAPER, HYPERCALL
-
#NodeJS #SupplyChain #ThreatIntel #UNC1069

Deepfake shock: How North Korea trapped the creator of Axios in a virtual meeting
Jason Saayman reveals the incredible scheme involving voice and face cloning on Teams that led to the compromise of the popular software package.

Learn how the UNC1069 group used AI deepfakes and fake Slack channels to compromise Axios. A gripping analysis of the new generation of phishing attacks. #Axios #NorthKorea #UNC1069 #CyberSecurityNews


"Axios npm Backdoored: UNC1069 Deploys Cross-Platform RAT via Supply Chain Attack" published by CybersecSentinel. #Axios, #NPM, #UNC1069, #DPRK, #CTI cybersecsentinel.com/axios-npm-backdoored-unc...

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
North Korean-linked threat actors tracked as UNC1069 used a highly targeted social engineering campaign to steal the Axios maintainer's credentials and publish trojanized versions of the package. The compromise deployed a remote access implant called WAVESHAPER.V2 and underscores the massive supply-chain risk posed by attacks on popular open-source maintainers. #UNC1069 #WAVESHAPERV2...

North Korean-linked UNC1069 used social engineering to steal Axios maintainer credentials, deploying WAVESHAPER.V2 via trojanized npm packages. Attack involved fake Slack workspace and Teams call with remote access implant. #UNC1069 #SupplyChain

UNC1069 Targets Node.js Maintainers via Fake LinkedIn, Slack Profiles
North Korean group UNC1069 targets Node.js maintainers using fake LinkedIn and Slack profiles to spread malware and compromise open source packages.

Watch out as North Korean group #UNC1069 targets Node.js maintainers using fake LinkedIn and Slack profiles to spread malware and compromise open source packages.

Read: hackread.com/unc1069-node...

#CyberSecurity #NorthKorea #LinkedIn #Slack #Malware

March 2026 Supply Chain Attacks: TeamPCP & Axios Analyzed
A technical breakdown of the March 2026 supply chain attacks, examining how threat actors like TeamPCP and UNC1069 compromised Trivy, LiteLLM, and Axios—and how to stop them.

The March 2026 supply chain attacks are rewriting the rules of developer security. 🚨

Read the full deep-dive: www.security.land/2026-supply-...

#SecurityLand #BreachBreakdown #SupplyChainAttack #NPM #Cybersecurity #Axios #Trivy #TeamPCP #UNC1069


North Korean group UNC1069 compromised the Axios npm package, deploying cross-platform malware via a sophisticated supply chain attack. Stay vigilant! #CyberSecurity #SupplyChainAttack #UNC1069 Link: thedailytechfeed.com/north-korean...

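ITちゃんねる
Google identifies the North Korean hacker group "UNC1069" as the culprit behind the supply chain attack on the open-source Axios #UNC1069 #Axios #ITニュース

Google identifies the North Korean hacker group "UNC1069" as the culprit behind the supply chain attack on the open-source Axios
#UNC1069 #Axios #ITニュース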

North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
Google Threat Intelligence Group (GTIG) observed a supply chain compromise of the axios NPM package where a malicious dependency, plain-crypto-js (v4.2.1), delivered an obfuscated dropper (SILKBELL) that installed WAVESHAPER.V2 across Windows, macOS, and Linux. GTIG attributes the campaign to UNC1069, details OS-specific deployment and persistence mechanisms, and recommends immediate remediation including pinning axios versions, auditing for plain-crypto-js, blocking sfrclak[.]com/142.11.206.73, and rotating credentials. #WAVESHAPER.V2 #UNC1069

North Korea-linked threat actor UNC1069 compromised the popular axios NPM package by injecting the plain-crypto-js dependency, deploying SILKBELL and WAVESHAPER.V2 malware across Windows, macOS, and Linux systems. #NorthKorea #SupplyChain #UNC1069

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
accomplish stealthy execution without

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 reconbee.com/google-attri...

#google #Axiosnpm #supplychainattack #northkoreangroup #UNC1069 #cyberattack #Axios #cybersecurity

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
Google has attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean cluster tracked as UNC1069. The attackers pushed trojanized Axios releases that installed a malicious dependency "plain-crypto-js" which deployed the SILKBELL dropper and the cross-platform WAVESHAPER.V2 backdoor. #UNC1069 #WAVESHAPERV2...

Google links the Axios npm supply chain attack to North Korea’s UNC1069 group. Trojanized Axios versions added “plain-crypto-js,” deploying SILKBELL dropper and WAVESHAPER.V2 backdoor via postinstall hook. #UNC1069 #NorthKorea #SupplyChain

Google links axios supply chain attack to North Korean group
North Korean–linked hackers attributed to UNC1069 compromised the widely used axios npm package in a supply chain attack that published malicious releases, deploying a multi-stage RAT across Windows, macOS, and Linux. The incident exploited a hijacked maintainer account, bears resemblance to WAVESHAPER activity, and highlights the fragile software supply chain and...

Google links the axios npm supply chain attack to North Korean group UNC1069, involving a hijacked maintainer account and multi-stage RAT deployment across Windows, macOS, and Linux. #NorthKorea #SupplyChain #UNC1069

Inside the Axios supply chain compromise - one RAT to rule them all
Elastic Security Labs disclosed a supply-chain compromise of the widely used axios npm package in which a compromised maintainer account published backdoored versions that used a malicious plain-crypto-js postinstall hook to download a cross-platform RAT. The implants (PowerShell, C++, Python) share an identical C2 protocol and beacon behavior and were delivered from sfrclak[.]com:8000, enabling large-scale, automated compromise via npm installs. #Axios #UNC1069

A supply chain attack on the axios npm package compromised maintainer accounts to release backdoored versions with a malicious postinstall hook deploying a cross-platform RAT sharing a unified C2 protocol. #NodeJS #UNC1069 #USA

Axios NPM Supply Chain Attack

~Mandiant~
NK-nexus actor UNC1069 compromised the Axios NPM package to deploy the WAVESHAPER.V2 backdoor across Windows, macOS, and Linux.
-
IOCs: 142. 11. 206. 73, sfrclak. com, 23. 254. 167. 216
-
#Malware #SupplyChain #ThreatIntel #UNC1069


"North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack" published by Google. #Axios, #NPM, #SupplyChain, #UNC1069, #WAVESHAPER, #DPRK, #CTI cloud.google.com/blog/topics/threat-intel...


"Fake VCs target crypto talent" published by Moonlock. #ClickFix, #UNC1069, #DPRK, #CTI moonlock.com/fake-vcs-target-crypto-t...


North Korean cyber group UNC1069 uses AI and deepfakes to target cryptocurrency firms, deploying sophisticated malware to steal sensitive data. Stay alert! #CyberSecurity #AI #Cryptocurrency #UNC1069 Link: thedailytechfeed.com/north-korean...


North Korea–Linked Hackers Use AI Lures
Read More: buff.ly/Mzmh0y9

#UNC1069 #NorthKoreaCyber #CryptoTargeting #AILures #SocialEngineering #TelegramScams #ThreatIntel #CyberEspionage


"UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering" published by Google. #UNC1069, #DPRK, #CTI cloud.google.com/blog/topics/threat-intel...

UNC1069 Targets Crypto Sector with New Malware & AI Lures

~Mandiant~
North Korean actor UNC1069 targets crypto firms with AI lures and new macOS malware for extensive data theft.
-
IOCs: mylingocoin. com, zoom. uswe05. us, breakdream. com
-
#Crypto #ThreatIntel #UNC1069 #macOS


"GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools" published by Google. #UNC1069, #UNC4899, #MASAN, #PUKCHONG, #Trend, #DPRK, #CTI cloud.google.com/blog/topics/threat-intel...


"DRPK Threats to Web3 and Cryptocurrency" published by 划水摸鱼. #UNC1069, #UNC1720, #UNC4899, #UNC5342, #UNC5267, #DPRK, #CTI https://mp.weixin.qq.com/s/EUhhK-bfopNhGt-KUY-ejA


"M-Trends 2025: Data, Insights, and Recommendations From the Frontlines" published by Mandiant. #ITWorker, #Trend, #UNC1069, #UNC3782, #UNC4736, #UNC4899, #UNC5342, #DPRK, #CTI cloud.google.com/blog/topics/threat-intel...


"Cybercrime: A Multifaceted National Security Threat" published by Google. #APT38, #APT43, #APT45, #ITWorker, #Trend, #UNC1069, #UNC3782, #UNC4899, #DPRK, #CTI cloud.google.com/blog/topics/threat-intel...
