Security

Axios npm Supply Chain Compromise: Mitigation Guide

2 min read

Summary

Microsoft warned that malicious Axios npm versions 1.14.1 and 0.30.4 were used in a supply chain attack attributed to Sapphire Sleet. Organizations using the affected packages should immediately rotate secrets, downgrade to safe versions, and review developer endpoints and CI/CD systems for compromise.

Audio Summary

0:00--:--
Need help with Security?Talk to an Expert

Introduction

Microsoft has disclosed a serious npm supply chain compromise affecting Axios, one of the most widely used JavaScript HTTP libraries. Because Axios is commonly installed on developer workstations and CI/CD pipelines, this incident has broad implications for software supply chain security across Windows, macOS, and Linux environments.

What happened

Two malicious Axios package versions were published on March 31, 2026:

According to Microsoft Threat Intelligence, these releases added a malicious dependency, [email protected], which executed a post-install script during npm install or package updates. The install hook contacted actor-controlled infrastructure and downloaded a second-stage remote access trojan (RAT).

Microsoft attributes the campaign to Sapphire Sleet, a North Korean state actor.

Key technical details

  • The Axios source code itself was reportedly left unchanged.
  • The malicious behavior was introduced through a dependency insertion technique.
  • Affected environments included developer endpoints and CI/CD systems.
  • Payloads were tailored by operating system:
    • Windows: PowerShell-based RAT with persistence via registry Run key
    • macOS: Native binary dropped into /Library/Caches
    • Linux/other: Platform-specific follow-on payloads
  • The malware communicated with known malicious infrastructure linked to Sapphire Sleet.

Why this matters for IT and security teams

This attack highlights how trusted open-source packages can be weaponized without obvious application changes. Even if applications appear to function normally, the compromise can still occur at install time, allowing attackers to steal secrets, establish persistence, and pivot deeper into enterprise environments.

For administrators, the biggest risks are:

  • Compromised developer credentials and tokens
  • Exposed secrets in build systems
  • Malware execution on CI/CD agents
  • Persistent footholds on managed Windows devices

Organizations that installed the affected Axios versions should act immediately:

  1. Downgrade Axios to safe versions:
    • 1.14.0
    • 0.30.3
  2. Rotate secrets and credentials that may have been exposed.
  3. Disable auto-updates for Axios packages until environments are verified clean.
  4. Inspect developer and build systems for signs of compromise, especially persistence mechanisms and suspicious script execution.
  5. Use Microsoft Defender detections and hunting guidance from Microsoft’s advisory to identify malicious components and affected hosts.

Bottom line

The Axios npm compromise is a reminder that package management and CI/CD pipelines are now primary attack surfaces. Security teams should treat affected installs as potential endpoint and credential compromises, not just a package issue.

Need help with Security?

Our experts can help you implement and optimize your Microsoft solutions.

Talk to an Expert

Stay updated on Microsoft technologies

Axiosnpmsupply chain attackSapphire SleetMicrosoft Defender

Related Posts

Security

Quantum-Safe Security: Microsoft Targets 2029

Microsoft is accelerating its quantum-safe security roadmap and now aims to transition critical products and services to post-quantum cryptography by 2029. The update matters because IT teams need to start cryptographic inventory, crypto-agility planning, and TLS 1.3 modernization sooner as the risk timeline for quantum attacks moves closer.

Security

Securing AI Agents: MCP Tool Poisoning Risks

Microsoft Incident Response warns that as AI agents move from reading content to taking actions, poisoned Model Context Protocol (MCP) tool metadata can silently redirect agent behavior and expose sensitive data. The guidance outlines how to detect, contain, and prevent this emerging supply chain risk using controls across Copilot Studio, Entra, Purview, Defender, and Sentinel.

Security

Microsoft Security June 2026: Key Updates for IT

Microsoft’s June 2026 security updates introduce new protections for AI agents, stronger identity recovery in Entra, expanded multicloud coverage in Defender for Cloud, and more flexible reporting in Purview. These changes matter for IT and security teams because they improve visibility, speed remediation, and help protect identities, data, endpoints, and cloud workloads across hybrid environments.

Security

Malicious Chromium Extension Hijacks Search via AI Branding

Microsoft Threat Intelligence uncovered a malicious Chromium extension that spoofed Perplexity AI branding to intercept browser searches and search suggestions through attacker-controlled infrastructure. The finding matters because it shows how threat actors are using trusted AI brands and browser extension permissions to capture user input, redirect traffic, and increase privacy and security risk in enterprise environments.

Security

Node.js Hospitality Phishing Campaign Hits Hotel Staff

Microsoft Threat Intelligence has detailed an active phishing campaign targeting hospitality organizations with photo-themed ZIP files that deliver a Node.js implant for persistence. The campaign matters because it combines trusted-service abuse, PowerShell obfuscation, registry persistence, and non-standard C2 traffic to evade detection and potentially stage follow-on attacks.

Security

Microsoft Intune Named a Leader in Forrester Wave

Microsoft says it has been named a Leader in The Forrester Wave for Endpoint Management Platforms, Q2 2026, highlighting Intune’s integrated approach to endpoint management, security, identity, and AI governance. The announcement matters for IT teams because Microsoft is expanding bundled Intune capabilities, adding Linux support, and positioning Intune as a central policy layer for managing both devices and AI agents.