Security

Axios npm Supply Chain Compromise: Mitigation Guide

2 min read

Summary

Microsoft warned that malicious Axios npm versions 1.14.1 and 0.30.4 were used in a supply chain attack attributed to Sapphire Sleet. Organizations using the affected packages should immediately rotate secrets, downgrade to safe versions, and review developer endpoints and CI/CD systems for compromise.

Audio Summary

0:00--:--
Need help with Security?Talk to an Expert

Introduction

Microsoft has disclosed a serious npm supply chain compromise affecting Axios, one of the most widely used JavaScript HTTP libraries. Because Axios is commonly installed on developer workstations and CI/CD pipelines, this incident has broad implications for software supply chain security across Windows, macOS, and Linux environments.

What happened

Two malicious Axios package versions were published on March 31, 2026:

According to Microsoft Threat Intelligence, these releases added a malicious dependency, [email protected], which executed a post-install script during npm install or package updates. The install hook contacted actor-controlled infrastructure and downloaded a second-stage remote access trojan (RAT).

Microsoft attributes the campaign to Sapphire Sleet, a North Korean state actor.

Key technical details

  • The Axios source code itself was reportedly left unchanged.
  • The malicious behavior was introduced through a dependency insertion technique.
  • Affected environments included developer endpoints and CI/CD systems.
  • Payloads were tailored by operating system:
    • Windows: PowerShell-based RAT with persistence via registry Run key
    • macOS: Native binary dropped into /Library/Caches
    • Linux/other: Platform-specific follow-on payloads
  • The malware communicated with known malicious infrastructure linked to Sapphire Sleet.

Why this matters for IT and security teams

This attack highlights how trusted open-source packages can be weaponized without obvious application changes. Even if applications appear to function normally, the compromise can still occur at install time, allowing attackers to steal secrets, establish persistence, and pivot deeper into enterprise environments.

For administrators, the biggest risks are:

  • Compromised developer credentials and tokens
  • Exposed secrets in build systems
  • Malware execution on CI/CD agents
  • Persistent footholds on managed Windows devices

Organizations that installed the affected Axios versions should act immediately:

  1. Downgrade Axios to safe versions:
    • 1.14.0
    • 0.30.3
  2. Rotate secrets and credentials that may have been exposed.
  3. Disable auto-updates for Axios packages until environments are verified clean.
  4. Inspect developer and build systems for signs of compromise, especially persistence mechanisms and suspicious script execution.
  5. Use Microsoft Defender detections and hunting guidance from Microsoft’s advisory to identify malicious components and affected hosts.

Bottom line

The Axios npm compromise is a reminder that package management and CI/CD pipelines are now primary attack surfaces. Security teams should treat affected installs as potential endpoint and credential compromises, not just a package issue.

Need help with Security?

Our experts can help you implement and optimize your Microsoft solutions.

Talk to an Expert

Stay updated on Microsoft technologies

Read the original article by Microsoft Threat Intelligence and Microsoft Defender Security Research Team
Axiosnpmsupply chain attackSapphire SleetMicrosoft Defender

Related Posts

Security

Critical Infrastructure Security Readiness in 2026

Microsoft says the threat model for critical infrastructure has shifted from opportunistic attacks to persistent, identity-driven access designed for future disruption. For IT and security leaders, the message is clear: reduce exposure, harden identity, and validate operational readiness now as regulations and nation-state activity intensify.

Security

AI Security Fundamentals: Practical CISO Guidance

Microsoft is advising CISOs to secure AI systems using the same core controls they already apply to software, identities, and data access. The guidance highlights least privilege, prompt injection defenses, and using AI itself to uncover permissioning issues before attackers or users do.

Security

WhatsApp Malware Campaign Uses VBS and MSI Backdoors

Microsoft Defender Experts uncovered a late-February 2026 campaign that uses WhatsApp messages to deliver malicious VBS files, then installs unsigned MSI packages for persistence and remote access. The attack blends social engineering, renamed Windows utilities, and trusted cloud services to evade detection, making endpoint controls and user awareness critical.

Security

Microsoft Copilot Studio Tackles OWASP Agentic AI Risks

Microsoft outlines how Copilot Studio and the upcoming general availability of Agent 365 can help organizations address the OWASP Top 10 for Agentic Applications. The guidance matters because agentic AI systems can use real identities, data, and tools, creating security risks that go far beyond inaccurate outputs.

Security

Microsoft Defender HVA Protection Blocks Critical Attacks

Microsoft detailed how Microsoft Defender uses high-value asset awareness to detect and stop attacks targeting domain controllers, web servers, and identity infrastructure. By combining Security Exposure Management context with differentiated detections and automated disruption, Defender can raise protection levels on Tier-0 assets and reduce the blast radius of sophisticated intrusions.

Security

Identity Security in Microsoft Entra: RSAC 2026 Updates

Microsoft is positioning identity security as a unified control plane that combines identity infrastructure, access decisions, and threat protection in real time. At RSAC 2026, the company announced new Microsoft Entra and Defender capabilities, including an identity security dashboard, unified identity risk scoring, and adaptive risk remediation to help organizations reduce fragmentation and respond faster to identity-based attacks.