North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
ID: ca14e62d-ff0b-54e5-9cfc-429fd9964ef5
STIX ID: report--ca14e62d-ff0b-54e5-9cfc-429fd9964ef5
Feed Name: Threat Intelligence
GTIG reports that UNC1069 deployed WAVESHAPER.V2 — a Windows RAT with reconnaissance, command execution (including in-memory PE injection), and filesystem enumeration — and linked the activity to a supply-chain compromise of axios via a malicious npm package (plain-crypto-js). The report provides attribution (C2 domain and IP), technical behavior, IOCs, and prioritized remediation and hardening guidance for developers and enterprises to mitigate credential theft and downstream compromises.
