Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069
ID: cee8b75e-7651-51e3-96b4-843c6d9bd4d2
STIX ID: report--cee8b75e-7651-51e3-96b4-843c6d9bd4d2
Feed Name: Tenable Blog
**Executive summary:** On March 31, a threat actor compromised the widely used axios npm package and published two malicious versions containing a malicious dependency (plain-crypto-js). Its postinstall dropper (SILKBELL) deployed the WAVESHAPER.V2 backdoor to macOS, Windows and Linux systems. Google Threat Intelligence Group attributes the campaign to UNC1069. The malicious packages were live for ~three hours. IoCs and mitigation steps (credential rotation, rebuilds, blocking C2s, detection rules) are provided.
