A North Korea-nexus threat actor, UNC1069, executed a software supply chain attack by compromising the maintainer account of the widely used 'axios' NPM package. They introduced a malicious dependency that uses a postinstall hook to silently deploy the WAVESHAPER.V2 backdoor across Windows, macOS, and Linux environments, enabling remote command execution and data theft.