Stardust Chollima Tied to Recent Axios npm Supply‑Chain Compromise

CrowdStrike’s analysis links the threat actor group Stardust Chollima to the recent tampering of the Axios npm package. The investigation places the intrusion within a broader campaign targeting JavaScript supply chains.
The compromise affects any organization that incorporates the altered Axios library, potentially exposing development pipelines to malicious code execution and passing that risk on to downstream applications.
Defenders should perform immediate integrity checks of npm packages, implement automated SBOM generation, verify signatures, and maintain rapid response playbooks to limit exposure from compromised libraries.
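One way to run the integrity check on a project's lockfile, as an added example that is not from CrowdStrike's analysis: it finds every installed copy of `axios` in a `package-lock.json` (v2/v3 `packages` map), flags entries resolved from an unexpected host or lacking a pinned hash, and compares tarball bytes against the pinned SRI value. The lockfile, tarball bytes, version string, mirror host and function names are constructed for illustration, and the trusted registry host is an assumption.

```python
import base64, hashlib, hmac
from urllib.parse import urlparse

TRUSTED_REGISTRY = "registry.npmjs.org"  # assumption: the only registry this project should use
STRONG_ALGOS = ("sha256", "sha384", "sha512")  # sha1-only entries count as unverified

def make_sri(data: bytes, algo: str = "sha512") -> str:
    """Build an SRI string ('<algo>-<base64 digest>') as stored in package-lock.json."""
    return f"{algo}-{base64.b64encode(hashlib.new(algo, data).digest()).decode()}"

def sri_matches(data: bytes, integrity: str) -> bool:
    """True if data matches any strong hash in a (possibly multi-hash) integrity field."""
    for token in integrity.split():
        algo, _, expected = token.partition("-")
        if algo in STRONG_ALGOS and hmac.compare_digest(
                make_sri(data, algo), f"{algo}-{expected.split('?')[0]}"):
            return True
    return False

def audit_lockfile(lock: dict, name: str, tarballs: dict) -> list:
    """Report every installed copy of `name`, top-level or nested, with any issues found."""
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if path != f"node_modules/{name}" and not path.endswith(f"/node_modules/{name}"):
            continue
        issues = []
        host = urlparse(meta.get("resolved", "")).hostname
        if host != TRUSTED_REGISTRY:
            issues.append(f"resolved from unexpected host: {host}")
        integrity = meta.get("integrity")
        if not integrity:
            issues.append("no integrity hash pinned")
        elif path in tarballs and not sri_matches(tarballs[path], integrity):
            issues.append("tarball does not match pinned integrity")
        findings.append({"path": path, "version": meta.get("version"), "issues": issues})
    return findings

# Constructed sample data: two copies of axios, the nested one from a mirror with altered bytes.
GOOD, ALTERED = b"constructed tarball bytes A", b"constructed tarball bytes B"
NESTED = "node_modules/some-dep/node_modules/axios"  # hypothetical nested install path
SAMPLE_LOCK = {"lockfileVersion": 3, "packages": {
    "": {"name": "demo-app"},
    "node_modules/axios": {"version": "0.0.0-example", "integrity": make_sri(GOOD),
        "resolved": "https://registry.npmjs.org/axios/-/axios-0.0.0-example.tgz"},
    NESTED: {"version": "0.0.0-example", "integrity": make_sri(GOOD),
        "resolved": "https://mirror.example.invalid/axios-0.0.0-example.tgz"},
}}
SAMPLE_TARBALLS = {"node_modules/axios": GOOD, NESTED: ALTERED}

if __name__ == "__main__":
    for finding in audit_lockfile(SAMPLE_LOCK, "axios", SAMPLE_TARBALLS):
        print(finding)
```

A matching hash only shows the tarball is the one that was locked; a lockfile generated after a malicious release was published pins that release, so the reported versions still need comparing against the advisory.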