北朝鮮のハッカー「UNC1069」がオープンソースのAxiosに対するサプライチェーン攻撃の犯人だとGoogleが指摘 - GIGAZINE
https://gigazine.net/news/20260402-axios-threat-actor-north-korea/The evidence pack includes HTML, screenshots, summaries, and metadata. It can be downloaded on Pro.
北朝鮮のハッカー「UNC1069」がオープンソースのAxiosに対するサプライチェーン攻撃の犯人だとGoogleが指摘 - GIGAZINE
Open the archived HTML with saved-time metadata attached.
This HTML has CSS and images embedded, so it can still be opened even if the original page disappears.
This page reports on a supply chain attack against the JavaScript library Axios. Google's security researchers identified the North Korea-linked threat actor UNC1069, active since 2018, as responsible for the attack. On March 31, 2026, the Axios npm package was compromised and malicious versions were released. Hackers breached a key developer's account and distributed malware with self-deletion capabilities to evade detection. Since Axios is downloaded millions of times weekly, millions of developers faced potential risk. The attack was discovered and blocked within three hours.
