
How CyberXYZ caught axios@1.14.1 on day zero.

A compromised maintainer shipped two malicious axios tags that pulled in a North Korean RAT dropper. No CVE existed. Here is the timeline, and the moment the firewall blocks it.

Live attack · case study

The axios@1.14.1 compromise, and where the firewall stops it.

In March 2026, attackers social-engineered the lead axios maintainer, hijacked his npm tokens, and shipped two malicious versions that pulled in a purpose-built RAT dropper. No CVE existed. Here is the timeline, and the moment CyberXYZ blocks it.

~100M weekly downloads
174K dependent packages
~3 hrs exposure window
Sapphire Sleet · DPRK attribution
  1. ~2 weeks before

    The maintainer is targeted

    An attacker impersonates a company founder, lures the lead axios maintainer from a fake Slack into a Microsoft Teams call, and gets him to install a fake "missing component". It steals his npm tokens, bypassing 2FA entirely.

  2. Mar 30 · 05:57 UTC

    A clean decoy is planted

    plain-crypto-js@4.2.0 is published, completely clean, to build legitimate-looking registry history before the payload lands.

  3. Mar 30 · 23:59 UTC

    The payload ships · commit-level signal fires

    plain-crypto-js@4.2.1 adds a malicious postinstall hook (setup.js) using reversed-base64 and XOR to hide a cross-platform RAT dropper. CyberXYZ reads the change at the commit level and flags the new lifecycle hook and obfuscation, no CVE required.

  4. Mar 31 · 00:21 UTC

    axios pulls it in · dependency-injection signal fires

    axios@1.14.1 (tagged latest), then 0.30.4 (legacy), add plain-crypto-js as a dependency, one that had never appeared in any prior axios release. Two independent signals now agree.

  5. the verdict

    BLOCK, at install time

    Across every surface, npm install axios@1.14.1 through the proxy returns 403, CI gates fail, the editor flags it, the CLI exits non-zero. The RAT dropper never reaches a developer's disk. No advisory needed.

  6. Mar 31 · 03:15 UTC

    npm removes the versions

    Roughly a three-hour exposure window for everyone relying on after-the-fact takedown.

  7. Apr 1

    Attribution: Sapphire Sleet

    Microsoft Threat Intelligence links the campaign to a North Korean state actor and maps it to MITRE ATT&CK supply-chain techniques.

  8. Apr 20

    The CISA advisory lands · three weeks later

    By the time the formal advisory existed, the window was long closed. CyberXYZ blocks at install, the moment the dependency appears, no CVE needed.
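The two signals in steps 3 and 4, the new install-time hook hidden with reversed base64 and XOR, and the dependency that no prior release ever declared, come down to a diff of package manifests plus a look at the hooked script. The Python below is an added example written for this page, not CyberXYZ's code and not the detection logic the product runs. The package.json manifests, the setup.js text and the flagged-package set are constructed samples that borrow only the names from the case study, and the scoring rule (block when a new install hook is obfuscated or a newly added dependency is already flagged, review on any other new hook or dependency) is an assumption.

```python
"""Manifest-diff checks for an npm release: new install-time lifecycle hooks,
obfuscation patterns in the hooked script, and dependencies that no prior
release of the package ever declared. Added example; not CyberXYZ's code."""
import base64
import binascii
import re

INSTALL_HOOKS = {"preinstall", "install", "postinstall", "prepare"}
DEP_FIELDS = ("dependencies", "optionalDependencies", "peerDependencies")

# split("").reverse().join("") in either quote style
_REVERSE_IDIOM = re.compile(r"""split\(\s*(['"])\1\s*\)\s*\.reverse\(\)\s*\.join\(\s*(['"])\2\s*\)""")
_LONG_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/=]{40,})['"]""")
_XOR_CHARS = re.compile(r"charCodeAt\([^)]*\)\s*\^")


def _decode_b64(text):
    """Strict base64 decode; b'' when the text is not valid base64 as written."""
    try:
        return base64.b64decode(text, validate=True)
    except binascii.Error:
        return b""


def _printable_ratio(raw):
    if not raw:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in raw) / len(raw)


def obfuscation_indicators(source):
    """Names of the obfuscation patterns found in a JavaScript install script."""
    found = []
    if _REVERSE_IDIOM.search(source):
        found.append("string-reversal idiom")
    for literal in _LONG_LITERAL.findall(source):
        # Reversed base64: the literal decodes to readable text only once it is
        # reversed, while decoding it as written fails or yields junk bytes.
        reversed_ok = _printable_ratio(_decode_b64(literal[::-1])) > 0.9
        forward_ok = _printable_ratio(_decode_b64(literal)) > 0.9
        if reversed_ok and not forward_ok:
            found.append("reversed-base64 literal")
            break
    if _XOR_CHARS.search(source):
        found.append("XOR over char codes")
    return found


def new_install_hooks(previous, candidate):
    """Install-time scripts that are new or changed since the previous release."""
    before = previous.get("scripts", {})
    after = candidate.get("scripts", {})
    return sorted(k for k, v in after.items() if k in INSTALL_HOOKS and before.get(k) != v)


def new_dependencies(prior_manifests, candidate):
    """Dependencies the candidate declares that no prior release ever declared."""
    seen = {d for m in prior_manifests for f in DEP_FIELDS for d in m.get(f, {})}
    current = {d for f in DEP_FIELDS for d in candidate.get(f, {})}
    return sorted(current - seen)


def assess_release(prior_manifests, candidate, install_scripts, flagged_packages=frozenset()):
    """Combine the signals into a verdict. install_scripts maps a file name that a
    lifecycle command may reference (e.g. setup.js) to that file's source text.
    Rule (an assumption, not the product's logic): block when a new install hook
    is obfuscated or a newly added dependency is already flagged; review on any
    other new hook or dependency; allow otherwise."""
    signals = []
    previous = prior_manifests[-1] if prior_manifests else {}
    for hook in new_install_hooks(previous, candidate):
        command = candidate["scripts"][hook]
        indicators = [i for name, src in install_scripts.items() if name in command
                      for i in obfuscation_indicators(src)]
        signals.append({"signal": "new-install-hook", "hook": hook, "obfuscation": indicators})
    for dep in new_dependencies(prior_manifests, candidate):
        signals.append({"signal": "new-dependency", "package": dep, "flagged": dep in flagged_packages})
    block = any(s.get("obfuscation") or s.get("flagged") for s in signals)
    return {"verdict": "block" if block else ("review" if signals else "allow"), "signals": signals}


# --- constructed sample data: names follow the case study, contents are made up ---
_PAYLOAD = b'console.log("constructed sample payload")'
_REVERSED_B64 = base64.b64encode(_PAYLOAD).decode()[::-1]
SAMPLE_SETUP_JS = (
    f'const k = "{_REVERSED_B64}";\n'
    'const s = k.split("").reverse().join("");\n'
    'let d = Buffer.from(s, "base64").toString(), out = "";\n'
    'for (let i = 0; i < d.length; i++) out += String.fromCharCode(d.charCodeAt(i) ^ 7);\n'
)
PLAIN_CRYPTO_PRIOR = [{"name": "plain-crypto-js", "scripts": {"test": "node test.js"}}]
PLAIN_CRYPTO_CANDIDATE = {"name": "plain-crypto-js",
                          "scripts": {"test": "node test.js", "postinstall": "node setup.js"}}
AXIOS_PRIOR = [{"name": "axios", "scripts": {"test": "npm run test:unit"},
                "dependencies": {"follow-redirects": "^1.0.0", "form-data": "^4.0.0"}}]
AXIOS_CANDIDATE = {"name": "axios", "scripts": {"test": "npm run test:unit"},
                   "dependencies": {"follow-redirects": "^1.0.0", "form-data": "^4.0.0",
                                    "plain-crypto-js": "^4.2.1"}}


def demo():
    """Evaluate the dependency first, then the package that pulls it in."""
    dep_verdict = assess_release(PLAIN_CRYPTO_PRIOR, PLAIN_CRYPTO_CANDIDATE, {"setup.js": SAMPLE_SETUP_JS})
    flagged = {"plain-crypto-js"} if dep_verdict["verdict"] == "block" else set()
    top_verdict = assess_release(AXIOS_PRIOR, AXIOS_CANDIDATE, {}, flagged)
    return dep_verdict, top_verdict


if __name__ == "__main__":
    for v in demo():
        print(v["verdict"], v["signals"])
```

Evaluating the dependency before the package that declares it is the point: once plain-crypto-js is blocked on its own hook-plus-obfuscation signal, axios adding it as a never-before-seen dependency is enough to block the parent without any advisory. Against an unflagged but unfamiliar dependency the same rule only returns "review", which is the place to route a human look rather than a hard stop.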

Caught at install

Not an advisory after the fact.
The receipt.

The instant axios@1.14.1 reached the proxy, every runner and laptop got the same verdict. This is exactly what the team saw, three weeks before any CVE existed.

Mar 31, 00:24 UTC · npm · axios@1.14.1 · BLOCKED · gha/runner (CI/CD, Linux, internal) · CRITICAL
Mar 31, 00:24 UTC · npm · axios@0.30.4 · BLOCKED · gitlab/runner (CI/CD, Linux, internal) · CRITICAL
Mar 31, 00:24 UTC · npm · plain-crypto-js@4.2.1 · BLOCKED · dev laptop (DEV, macOS, internal) · CRITICAL

fig. 01 · proxy findings · both malicious axios tags blocked the moment they appeared

notification #14112 · Mar 31 · 00:24 UTC

Blocked install: axios@1.14.1 on gha/runner · GitHub Actions

RISK SCORE 0/10 · critical · verdict block
axios@1.14.1 (latest) · axios@0.30.4 (legacy) · plain-crypto-js@4.2.1
STATEMENT · Ecosystem npm · decision block (confidence 1.0) · malicious dependency plain-crypto-js@4.2.1 · no CVE on file at block time
SIGNALS · 3 of 3 fired
01 · Commit-Level Analysis · triggered · CRITICAL

plain-crypto-js@4.2.1 added an obfuscated postinstall (setup.js, reversed-base64 + XOR) dropping a cross-platform RAT. Read at the commit level, no CVE required.

02 · Dependency Provenance · triggered · CRITICAL

axios@1.14.1 added plain-crypto-js, a dependency that had never existed in any prior axios release. Two independent signals now agree.

03 · Live Threat Intel · matched · CRITICAL

Campaign linked to Sapphire Sleet (DPRK), mapped to MITRE ATT&CK supply-chain techniques.

PACKAGE CONTEXT
version 1.14.1 · published Mar 31 · source github.com/axios/axios · MIT
PACKAGE axios · VERSION 1.14.1 · ECOSYSTEM npm · DECISION BLOCK

fig. 02 · install verdict · the XYZ score and the three signals that fired

Sources: CyberXYZ threat intelligence, Microsoft Threat Intelligence (Sapphire Sleet attribution, Apr 2026) and the CISA advisory (Apr 2026). Full technical write-up on the CyberXYZ blog.