DPRK-affiliated threat actors compromised the npm axios package maintainer account and published malicious versions v1.14.1 and v0.30.4 containing a remote access trojan, part of a broader technology sector campaign documented by CrowdStrike. Any organization whose build pipelines or applications consumed these specific versions is potentially running adversary-controlled code in their environments.
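One way to check a project for the two versions named above, as an added example that is not from the advisory or the axios project: it walks a parsed `package-lock.json` in both the nested (lockfileVersion 1) and flat (lockfileVersion 2/3) layouts, including transitive and aliased installs. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag lockfile entries that resolve axios to the advisory's versions.
const FLAGGED = new Set(["1.14.1", "0.30.4"]); // versions named in the text above

// Package name for a v2/v3 "packages" key, e.g.
// "node_modules/a/node_modules/axios" -> "axios".
function nameFromPath(key) {
  const i = key.lastIndexOf("node_modules/");
  return i === -1 ? null : key.slice(i + "node_modules/".length);
}

function findFlaggedAxios(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    const name = entry.name || nameFromPath(key); // "name" is set for aliased installs
    if (name === "axios" && FLAGGED.has(entry.version)) {
      hits.push({ where: key, version: entry.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages"
  // exists, because v2 files mirror the same data in both places).
  const walk = (deps, trail) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      // Aliases are recorded as "npm:axios@<version>" in this layout.
      const m = /^npm:axios@(.+)$/.exec(entry.version || "");
      const version = m ? m[1] : name === "axios" ? entry.version : null;
      if (version && FLAGGED.has(version)) {
        hits.push({ where: [...trail, name].join(" > "), version });
      }
      walk(entry.dependencies, [...trail, name]);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (not taken from any real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.13.0" },
    "node_modules/http-helper/node_modules/axios": { version: "0.30.4" },
    "node_modules/request-lib": { name: "axios", version: "1.14.1" },
  },
};

console.log(findFlaggedAxios(sampleLock));
```

To scan a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` instead of `sampleLock`. An empty result only covers npm lockfiles, not yarn or pnpm ones, and says nothing about builds that ran before the lockfile was last regenerated.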