Mitigating the Axios npm supply chain compromise
ID: c012bf44-e234-5ef3-9444-de5c8eb5f015
STIX ID: report--c012bf44-e234-5ef3-9444-de5c8eb5f015
Feed Name: Microsoft Security
Date Published: 2026-04-01
Date Updated: 2026-04-28
Author: Microsoft Threat Intelligence and Microsoft Defender Security Research Team
## Executive summary

Microsoft Threat Intelligence discovered that two Axios npm releases (1.14.1 and 0.30.4) were maliciously published with an injected dependency ([email protected]) that executes at install time, contacts a Sapphire Sleet-owned C2 (sfrclak.com:8000/6202033), and delivers OS-specific RATs for Windows, macOS, and Linux. The report attributes the activity to the North Korean actor Sapphire Sleet, lists IoCs (domain, IP, file hashes, artifacts), and provides detection, mitigation, and hunting guidance for affected organizations.
