Axios Hit by Cyber Attack, Apple and Windows Also at Risk

A cyber attack has once again targeted the global technology ecosystem. This time, the assault focused on the popular software known as Axios, which is extensively used by developers worldwide. The attack was reported on Monday (30/3/2026) US time.

This attack is considered dangerous because it does not directly target major companies but instead exploits vulnerabilities in widely used third-party software, including by tech giants such as Apple and Microsoft.

Axios itself is a JavaScript library used for sending and receiving data over the internet, particularly via HTTP or HTTPS.

The library simplifies developers’ communication with servers, such as retrieving data from APIs, submitting forms, or updating information, without needing to write complex code from scratch.

Due to its central role in application communication, Axios can be seen as a crucial part of modern digital infrastructure.

In this case, hackers took over the Axios maintainers’ account on npm, the JavaScript package distribution platform. They then inserted malicious software (malware) into the version of the library distributed to developers.

The malware is a remote access trojan (RAT), which allows attackers to take control of victims’ computers, steal data, and execute remote commands.

What makes this attack hard to detect is that there is no direct malicious code in Axios. The library merely serves as an “entry point” that then downloads hidden malware.

Moreover, once executed, the malware is said to be able to delete itself and disguise as part of the system to avoid detection.

This attack falls into the category of “supply chain attack” or supply chain assault. This means hackers do not directly target the main objectives like large companies but attack third parties that are part of their system chain.

The attack also highlights a major weakness in the technology industry: reliance on open-source software that is often managed by relatively small teams.

Yet, software like Axios is used in various critical services. If compromised, the impact could spread to major companies, including Apple, Amazon, and Google.

Several researchers, including from Google’s Threat Intelligence Group, have linked this attack to a North Korean hacker group known as UNC1069. This group has previously been involved in various cyber attacks, including cryptocurrency thefts.

Although the attack was detected relatively quickly, experts warn that its full impact has not yet been fully measured. There is a possibility that some developers have already downloaded the infected version of Axios before the issue was identified.

Therefore, companies and developers are urged to immediately check their systems, update dependencies to safe versions, and conduct thorough security audits, as compiled by KompasTekno from Computer World and The Record.