
Software Supply Chain Attacks Cause Data Breaches

Summary

– Google researchers linked the Axios npm supply chain attack to North Korean hackers and warned that hundreds of thousands of stolen secrets from multiple attacks are now circulating.
– The stolen credentials are being quickly validated and used by groups like TeamPCP to intrude on cloud environments, potentially enabling further SaaS compromises and ransomware.
– Companies including OwnCloud and Mercor have confirmed impacts from the Trivy and LiteLLM supply chain attacks, with Mercor’s investigation ongoing after a claim by the Lapsus$ group.
– The widespread Axios npm compromise, with over 100 million weekly downloads, affected global organizations and deployed a remote access trojan on multiple operating systems.
– The North Korean group UNC1069, behind the Axios attack, uses social engineering for financially motivated malware attacks, particularly targeting the cryptocurrency sector.

A recent string of software supply chain attacks has compromised widely used open-source libraries, leading to significant data breaches and creating a pool of stolen credentials that could fuel further cybercrime. Google researchers, after linking the Axios npm supply chain attack to North Korean state-sponsored hackers, warned that hundreds of thousands of stolen secrets are now potentially in circulation. These credentials, pilfered from the Axios, Trivy, KICS, LiteLLM, and Telnyx compromises, present a clear and present danger. The researchers stated this trove could enable additional supply chain attacks, compromise software-as-a-service environments, and lead to ransomware events, extortion, and cryptocurrency theft in the near term.

The threat actor group known as TeamPCP is actively exploiting these stolen secrets for cloud intrusions. According to Wiz, a cloud security company owned by Google, its incident response team observed that credentials taken in the supply chain compromises were quickly validated and used to explore victim cloud environments and exfiltrate data. The speed of this activity strongly suggests the same threat actors behind the initial attacks are responsible, though Wiz notes it cannot rule out that the secrets were shared with other criminal groups.

The operational impact on companies is already severe. Tech firm OwnCloud confirmed last week that the Trivy compromise forced it to temporarily suspend its ability to ship new builds and patches for its software solutions. Meanwhile, startup Mercor, which connects AI companies with human experts, stated on Wednesday it was among thousands of companies affected by the LiteLLM supply chain attack. While the Lapsus$ cyber extortion group claimed to have accessed Mercor’s databases and source code, the company’s own investigation with third-party forensics experts is ongoing. Evidence links TeamPCP to Lapsus$, with Telegram channel data indicating Lapsus$ had prior knowledge of TeamPCP’s planned attacks. TeamPCP has also reportedly partnered with the Vect ransomware-as-a-service operation and is working on its own RaaS program called CipherForce.

The Axios npm compromise is particularly concerning due to the library’s massive adoption. The affected branches see over 100 million weekly downloads, so researchers from Tenable highlighted that even a three-hour compromise window creates a significant blast radius. Palo Alto Networks reports that organizations across the globe, including in the US, Europe, the Middle East, South Asia, and Australia, have been impacted. Victims span numerous sectors, from financial services and high-tech to retail, insurance, and higher education. The attack resulted in a remote access trojan being installed on Windows, macOS, and Linux systems, allowing operators to perform reconnaissance and execute additional malicious payloads.

Google attributes the Axios attack to a North Korean group tracked as UNC1069. This group is known for using social engineering, often targeting individuals in cryptocurrency, decentralized finance, software, and venture capital firms, to trick them into installing malware. This method aligns with how the Axios maintainer described his system being compromised. While UNC1069’s financial impact from cryptocurrency heists has been smaller than some other North Korean groups in 2025, Mandiant researchers noted earlier this year that it remains an active threat targeting centralized exchanges and individuals for financial gain.

In a related development, CERT-EU has stated that the initial access vector in the recent European Commission cloud breach was the Trivy supply-chain compromise.

(Source: Help Net Security)
