North Korean hackers tampered with the Axios NPM (Node Package Manager) package, a major JavaScript library, in a supply-chain attack that triggered millions of malicious distributions, SecurityWeek reported on Tuesday.

Google Threat Intelligence Group pointed to UNC1069, a North Korea-linked hacking group that has previously focused on cryptocurrency and decentralised finance companies, as being behind the attack.

Axios is an HTTP client library that handles asynchronous API requests in Node.js and browsers. It is a top-10 NPM package with more than 100 million weekly downloads and is installed in about 80 percent of cloud and coding environments.

The attack began shortly after midnight on March 31. The attackers posted backdoored versions 1.14.1 and 0.30.4 of Axios to the NPM registry. The versions were designed to automatically run a malicious payload on Windows, macOS and Linux platforms without user action. Both versions were removed from the registry about three hours later.

SecurityWeek said that about 3 percent of Axios users downloaded the versions during that period, citing cloud security firm Wiz. It added that the attackers seized a key Axios maintainer account, '@jasonsaayman', to set up the attack.
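
A defender's check for the two versions named above, as an added example that is not part of the original report: it scans a parsed `package-lock.json` for any direct, transitive or aliased `axios` entry pinned to 1.14.1 or 0.30.4. The function name and the sample lockfiles are constructed for illustration.

```javascript
// Versions the article names as backdoored.
const COMPROMISED = new Set(['1.14.1', '0.30.4']);

// Returns [{ path, version }] for each axios install pinned to a listed version.
// Hypothetical helper written for this example.
function findCompromisedAxios(lock) {
  const hits = [];
  const record = (path, name, version) => {
    if (name === 'axios' && COMPROMISED.has(version) && !hits.some(h => h.path === path)) {
      hits.push({ path, version });
    }
  };
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path ("" is the root project).
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue;
    // meta.name is present when the folder name differs from the package name (npm aliases).
    record(path, meta.name || path.split('node_modules/').pop(), meta.version);
  }
  // lockfileVersion 1 and 2: nested "dependencies" tree, so transitive copies are walked too.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      record(path, name, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfiles (not real project data).
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/axios': { version: '1.14.1' },               // direct dependency, listed version
    'node_modules/sdk/node_modules/axios': { version: '1.7.9' }, // transitive copy, other version
    'node_modules/@acme/axios': { version: '1.14.1' },         // different (scoped) package
    'node_modules/http': { name: 'axios', version: '0.30.4' }, // axios installed under an alias
  },
};
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: { sdk: { version: '2.0.0', dependencies: { axios: { version: '0.30.4' } } } },
};

console.log(findCompromisedAxios(SAMPLE_V3), findCompromisedAxios(SAMPLE_V1));
```

To scan a real project, pass the function the result of `JSON.parse` on the project's `package-lock.json`. A lockfile records only what is currently resolved, so builds that ran without a lockfile during the three-hour window need their install logs or caches checked separately.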

John Hultquist, a senior analyst at Google Threat Intelligence Group, warned that the incident could have a "broad impact" given the scale of Axios use.

Copyright © DigitalToday. All rights reserved. Unauthorized reproduction and redistribution are prohibited.