Microsoft details how to mitigate the Axios npm supply chain compromise
Microsoft says developers and organizations that installed the compromised Axios releases should assume exposure and act fast. In its April 1 guidance, Microsoft Threat Intelligence said the malicious Axios versions were 1.14.1 and 0.30.4, and urged users to rotate secrets immediately and downgrade to safe versions such as 1.14.0 or 0.30.3.
The attack matters because Axios is one of the most widely used JavaScript HTTP libraries in the world. Microsoft said the two poisoned releases pulled in a malicious dependency, plain-crypto-js, which fetched a second-stage remote access trojan for Windows, macOS, and Linux during installation.
Microsoft attributed the infrastructure behind the compromise to Sapphire Sleet, a North Korean state actor. Google reached a closely related conclusion from a different tracking angle, attributing the activity to UNC1069 and linking it to the WAVESHAPER.V2 backdoor family. Microsoft notes that Sapphire Sleet overlaps with activity other vendors track as UNC1069, which helps reconcile the naming difference.
What happened in the Axios compromise
According to Microsoft and Google, the attacker did not modify Axios’s main runtime logic. Instead, the actor added a fake dependency named plain-crypto-js to axios@1.14.1 and axios@0.30.4, then used that package’s npm postinstall lifecycle script to run malicious code automatically during installation.
Google said the malicious releases were live between 00:21 and 03:20 UTC on March 31, 2026. It also said the attacker likely compromised a maintainer account, changed the associated email address, and then pushed the poisoned versions to npm.
Microsoft said the malicious dependency connected to actor-controlled infrastructure and downloaded platform-specific payloads. The company added that normal Axios app behavior might still look unchanged, which made the compromise harder to catch quickly on developer endpoints and CI/CD systems.
Microsoft’s core mitigation steps
Microsoft’s first recommendation is clear. Roll back every affected Axios deployment to safe versions, pin Axios to an exact version, and stop automatic upgrades until teams fully assess exposure. The company specifically said developers should remove caret (^) and tilde (~) version specifiers and use exact versions instead.
Microsoft also told affected organizations to flush the local npm cache, review CI/CD logs for installs of axios@1.14.1, axios@0.30.4, or plain-crypto-js, and inspect developer systems for node_modules folders containing those artifacts. It also advised teams to look for outbound traffic to sfrclak[.]com and the attacker IP on port 8000.
One of the most important points in Microsoft’s post is secret rotation. The company said organizations should rotate all secrets and credentials exposed to compromised systems. CSA Singapore echoed that advice and explicitly called out API keys, access tokens, SSH keys, and environment secrets.
The most important actions at a glance
| Action | Why Microsoft says it matters |
|---|---|
| Downgrade Axios to 1.14.0 or 0.30.3 | Removes the known malicious releases. |
| Pin exact Axios versions | Prevents accidental upgrades to bad releases. |
| Use overrides for transitive dependencies | Forces safe Axios versions even when another package pulls Axios indirectly. |
| Run npm cache clean --force | Clears cached malicious packages. |
| Review CI/CD logs | Helps find install-time exposure in pipelines. |
| Rotate secrets and credentials | Limits follow-on abuse after endpoint compromise. |
| Restrict post-install scripts when possible | Reduces the risk from malicious lifecycle hooks. |
| Disable or restrict dependency bots for Axios | Stops automated pull requests from reintroducing bad versions. |
What developers and security teams should check
- Search for axios@1.14.1, axios@0.30.4, and plain-crypto-js across repos, build logs, and developer machines.
- Review any npm install or npm ci activity from March 31 onward for unexpected Axios upgrades.
- Hunt for outbound traffic to sfrclak[.]com or 142.11.206.73 on port 8000. Microsoft listed the domain, while CSA listed the IP and URL pattern.
- Check Windows, macOS, and Linux hosts for platform-specific payload traces, because the malware delivered different second-stage files on each OS.
- Reinstall Axios cleanly after removal rather than trusting the local environment as-is. Microsoft explicitly recommends removing all Axios files and reinstalling cleanly on victim systems.
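The hunting steps above can be turned into a simple scan over CI/CD install logs and egress (proxy or firewall) logs. The following is an added example, not code from Microsoft, Google, CSA, or the Axios project: it refangs the published indicators (the domain is printed defanged as sfrclak[.]com in the advisories), flags the malicious package strings, the C2 domain and IP (with port 8000 as a corroborating tag), and separately marks any Axios install after March 31, 2026 as needing review. The log lines are constructed for the example; real log formats differ, so only the first whitespace-separated token is assumed to be an ISO timestamp.

```javascript
// Added example: scan constructed CI/CD and egress log lines for the Axios
// compromise indicators named in the article. Not vendor code.

// Undo common defanging ("[.]", "hxxp") so indicators match real log text.
function refang(indicator) {
  return indicator.replace(/\[\.\]/g, '.').replace(/hxxp/gi, 'http');
}

function escapeRe(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Indicators from the article (the fake dependency is matched by name only).
const BAD_PACKAGES = ['axios@1.14.1', 'axios@0.30.4', 'plain-crypto-js'];
const BAD_HOSTS = ['sfrclak[.]com'].map(refang);
const BAD_IPS = ['142.11.206.73'];
const BAD_PORT = 8000;
// Poisoned releases first existed on March 31, 2026; installs from then on need review.
const WINDOW_START = Date.parse('2026-03-31T00:00:00Z');

// Return the list of tags that apply to one log line (empty array = nothing found).
function classifyLine(line) {
  const hits = [];
  const lower = line.toLowerCase();

  for (const pkg of BAD_PACKAGES) {
    if (lower.includes(pkg)) hits.push(`malicious_package:${pkg}`);
  }
  for (const host of BAD_HOSTS) {
    const re = new RegExp(`(^|[^a-z0-9.-])${escapeRe(host)}(?![a-z0-9-])`, 'i');
    if (re.test(line)) hits.push(`c2_domain:${host}`);
  }
  for (const ip of BAD_IPS) {
    const re = new RegExp(`(^|[^0-9.])${escapeRe(ip)}(?![0-9])`);
    if (re.test(line)) hits.push(`c2_ip:${ip}`);
  }
  // Port 8000 is only meaningful together with the C2 host or IP; on its own it
  // would flag every local dev server.
  if (hits.some((h) => h.startsWith('c2_')) && new RegExp(`[:\\s]${BAD_PORT}(?![0-9])`).test(line)) {
    hits.push(`port_${BAD_PORT}`);
  }
  // Any npm install/ci/update touching axios inside the window is worth a look,
  // even when the resolved version is a safe one.
  const ts = Date.parse(line.split(/\s+/)[0]);
  if (!Number.isNaN(ts) && ts >= WINDOW_START && lower.includes('axios') && /\bnpm (install|ci|update)\b/.test(lower)) {
    hits.push('axios_install_in_window');
  }
  return hits;
}

// Keep only the lines that produced at least one tag.
function scanLogs(lines) {
  return lines.map((line) => ({ line, hits: classifyLine(line) })).filter((r) => r.hits.length > 0);
}

// Constructed sample: one clean pre-window install, a poisoned install with its
// postinstall hook and C2 traffic, and a post-rollback install of the safe version.
const SAMPLE_LOGS = [
  '2026-03-30T22:10:04Z ci-runner npm ci: added 214 packages, audited 215 packages',
  '2026-03-31T02:05:41Z ci-runner npm install axios@^1.14.0 -> resolved axios@1.14.1',
  '2026-03-31T02:05:43Z ci-runner > plain-crypto-js postinstall: node install.js',
  '2026-03-31T02:05:44Z egress-proxy CONNECT sfrclak.com:8000 from 10.0.4.17',
  '2026-03-31T02:05:45Z firewall ALLOW tcp 10.0.4.17 -> 142.11.206.73:8000',
  '2026-04-01T09:12:00Z ci-runner npm install axios@1.14.0 (pinned after rollback)',
];

for (const r of scanLogs(SAMPLE_LOGS)) console.log(r.hits.join(','), '|', r.line);
```

A hit on the package strings or the postinstall line means the hook ran on that runner, so every secret that job could read should be treated as exposed regardless of whether any network hit was logged; the C2 tags only confirm that the second stage was reached.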
Why Microsoft wants teams to pin versions now
This compromise turned normal dependency behavior into the delivery path. Microsoft said projects using ranges like ^1.14.0 or ^0.30.0 could silently pull the malicious releases during routine installs or updates. That is why the company now recommends exact version pinning and manual upgrades until the risk is fully contained.
Google made a similar point in its own response. It urged organizations not to upgrade to 1.14.1 or 0.30.4 and to pin Axios to a known-good version in package-lock.json.
This is also why Microsoft recommends disabling or restricting automated dependency bots for critical packages during the response phase. In a fast-moving package compromise, convenience becomes risk if update tooling keeps pulling poisoned releases or opening automatic pull requests before security review.
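The lockfile review Microsoft asks for (section "Microsoft’s core mitigation steps") and the exact-pin-plus-overrides advice in this section can be scripted. The following is an added example written for this article, not code from Microsoft, Google, or the Axios project: it reads a lockfileVersion 2 or 3 package-lock.json (the flat "packages" map keyed by node_modules path), lists every copy of a malicious Axios release or of plain-crypto-js, including copies nested under another package, reports which manifest entries still use range specifiers, and rewrites the manifest with exact pins and an npm overrides block that forces the safe release on each Axios copy by its parent path. SAMPLE_PKG and SAMPLE_LOCK are constructed; the plain-crypto-js version in the sample is a placeholder, since the article does not reproduce it.

```javascript
// Added example: audit a package.json / package-lock.json for the Axios
// compromise and emit a pinned manifest with overrides. Not vendor code.

const MALICIOUS_AXIOS = new Set(['1.14.1', '0.30.4']);
const FAKE_DEPENDENCY = 'plain-crypto-js';
const SAFE_AXIOS = { '1': '1.14.0', '0': '0.30.3' }; // known-good release per major line
// Exact semver (1.14.0, 1.14.0-beta.1). Anything else (^, ~, >=, x, *, latest) is a range.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Constructed manifest and lockfile. legacy-sdk needs the 0.x line, so npm keeps a
// second, nested copy of axios under it; the fake dependency's version is a placeholder.
const SAMPLE_PKG = {
  name: 'demo-app',
  dependencies: { axios: '^1.14.0', 'legacy-sdk': '2.0.0' },
  devDependencies: { eslint: '~9.0.0' },
};
const SAMPLE_LOCK = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: SAMPLE_PKG.dependencies },
    'node_modules/axios': { version: '1.14.1', dependencies: { 'plain-crypto-js': '*' } },
    'node_modules/plain-crypto-js': { version: '0.0.0-placeholder', hasInstallScript: true },
    'node_modules/legacy-sdk': { version: '2.0.0', dependencies: { axios: '^0.30.0' } },
    'node_modules/legacy-sdk/node_modules/axios': { version: '0.30.4' },
    'node_modules/eslint': { version: '9.0.3' },
  },
};

// "node_modules/a/node_modules/@s/b" -> ["a", "@s/b"]: parent chain, then package name.
function lockPathSegments(path) {
  return path.replace(/^node_modules\//, '').split('/node_modules/');
}

// Every malicious axios copy or fake-dependency entry, direct or transitive.
function findCompromised(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry
    const segs = lockPathSegments(path);
    const name = segs[segs.length - 1];
    if (name === 'axios' && MALICIOUS_AXIOS.has(meta.version)) {
      findings.push({ path, name, version: meta.version, reason: 'malicious axios release' });
    } else if (name === FAKE_DEPENDENCY) {
      findings.push({ path, name, version: meta.version, reason: 'fake dependency added by the attacker' });
    }
  }
  return findings;
}

// Manifest entries that still allow npm to float to a newer release.
function findRangeSpecs(pkg) {
  const out = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!EXACT_VERSION.test(spec)) out.push({ field, name, spec });
    }
  }
  return out;
}

// Build an npm "overrides" block: the top-level axios gets the safe release of its
// line; a copy nested under another package gets a parent-scoped override, which is
// how overrides reach axios pulled in transitively.
function axiosOverrides(lock) {
  const overrides = {};
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const segs = lockPathSegments(path);
    if (path === '' || segs[segs.length - 1] !== 'axios' || !meta.version) continue;
    const safe = SAFE_AXIOS[meta.version.split('.')[0]];
    if (!safe) continue; // unknown major line: leave for manual review
    let node = overrides;
    for (const parent of segs.slice(0, -1)) node = node[parent] = node[parent] || {};
    node.axios = safe;
  }
  return overrides;
}

// Replace every range with the version the lockfile resolved, move axios to its safe
// release, and attach the overrides. Run `npm install` afterwards to refresh the lock.
function pinManifest(pkg, lock) {
  const pinned = JSON.parse(JSON.stringify(pkg));
  for (const field of DEP_FIELDS) {
    for (const name of Object.keys(pinned[field] || {})) {
      const resolved = (lock.packages || {})[`node_modules/${name}`];
      if (!resolved || !resolved.version) continue;
      const safe = name === 'axios' ? SAFE_AXIOS[resolved.version.split('.')[0]] : undefined;
      pinned[field][name] = safe || resolved.version;
    }
  }
  pinned.overrides = { ...(pinned.overrides || {}), ...axiosOverrides(lock) };
  return pinned;
}

console.log(findCompromised(SAMPLE_LOCK));
console.log(JSON.stringify(pinManifest(SAMPLE_PKG, SAMPLE_LOCK), null, 2));
```

Two caveats: a lockfile only shows what a resolution produced, not whether an install actually ran the postinstall hook on a given machine, so it complements rather than replaces the CI/CD log review; and lockfileVersion 1 files use a nested "dependencies" tree instead of the "packages" map and would need a different walker. When reinstalling after the rewrite, `npm ci --ignore-scripts` after `npm cache clean --force` keeps any remaining lifecycle script from running before the tree has been checked.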
FAQ
Microsoft, Google, and CSA all identify axios@1.14.1 and axios@0.30.4 as the malicious versions.
The attacker added plain-crypto-js as a fake dependency and used its postinstall script to launch the compromise.
Microsoft says to downgrade to safe Axios versions, rotate secrets and credentials, clear npm cache, inspect CI/CD logs, and search systems for signs of the malicious packages.
Because the malicious packages could arrive through normal npm resolution. Microsoft says exact pinning blocks silent upgrades, while overrides force safe Axios versions even for transitive dependencies.