North Korea deployed a cross-platform RAT through the most downloaded JavaScript library on the internet, using the official update channel and a maintainer account taken over by social engineering. China breached the FBI system that manages court-authorized wiretaps — not by attacking the FBI directly, but by compromising the commercial ISP whose infrastructure feeds into the surveillance network. And Booking.com disclosed its third breach via the same third-party hotel partner access channel that attackers used in 2023 and 2024, with no architectural change in between.
None of these are zero-day stories. They are authorized-channel stories. The attacker arrived through npm’s trusted registry, through a vendor ISP pathway that was supposed to be safe, and through hotel partner portal credentials that were supposed to belong to hotel staff. Your detection stack is probably configured to trust all three of those channels. That is the problem.
This week: three incidents with confirmed victim impact, plus a financial update on a story from last week that now has a regulatory filing attached to it.
Axios npm Supply Chain Compromise: Sapphire Sleet Backdoors the Most Downloaded JavaScript Library on the Internet
What happened: On March 31, the North Korean state actor Sapphire Sleet (also tracked as UNC1069 by Google GTIG) took over the npm account of Axios lead maintainer Jason Saayman through a targeted social engineering operation and published two malicious versions of Axios, the most widely used JavaScript HTTP client library, with over 100 million weekly downloads. The malicious releases (v1.14.1 and v0.30.4) added a dependency named plain-crypto-js that functioned as a cross-platform RAT dropper targeting Windows, macOS, and Linux. The malicious versions were live for roughly three hours before Elastic Security Labs flagged them, but any automated dependency update that ran during that window should be treated as a compromise until verified otherwise. Unit 42 updated its impact assessment on April 13 and CISA issued an advisory on April 20 as downstream enterprise compromise continued to surface through the week.
Technical details that matter: The attack shows pre-operational planning that separates it from opportunistic npm abuse. A clean decoy version of plain-crypto-js was published 18 hours before the attack to build registry history. The malicious version (4.2.1) dropped at 23:59 UTC on March 30. Axios 1.14.1 and 0.30.4 followed at 00:21 and 01:00 UTC on March 31, hitting both the active and legacy release branches so that projects pinned to the older major line were exposed as well. Elapsed time from the first malicious Axios release to both branches compromised: 39 minutes. The postinstall hook in plain-crypto-js fires on npm install, delivers the second-stage payload WAVESHAPER.V2, and immediately runs anti-forensic cleanup: it deletes setup.js, strips the postinstall hook from package.json, and replaces it with a clean decoy. Time from install to compromise: roughly 15 seconds. A practical consequence of that cleanup is that the package.json left in node_modules looks benign after the fact; the presence of plain-crypto-js in a lockfile, npm cache, or CI install log is the reliable indicator, not the absence of a hook on disk. WAVESHAPER.V2 is a C++ backdoor that runs as a background daemon, communicates with C2 over HTTP or HTTPS, and supports PE injection, arbitrary script execution, and payload download. Three separate OS-specific payloads were pre-built before the attack began. Microsoft attributed the campaign infrastructure to Sapphire Sleet; Google GTIG tracks the actor as UNC1069, active since at least 2018. Any machine that installed the malicious versions should have all secrets rotated immediately: cloud credentials, SSH keys, npm publish tokens, signing keys, and Kubernetes configs.
Why critical institutions should care: Axios is not an optional dependency — it is embedded in enterprise applications, backend microservices, CI/CD tooling, and internal developer tools across virtually every JavaScript-using organization. The infection path is the build environment, not the running application. A compromised build server has access to everything needed to pivot from a single developer machine to a full enterprise environment: source code, deployment pipelines, signing credentials, and cloud accounts. Sapphire Sleet is financially motivated — the group converts enterprise access to cryptocurrency theft and ransomware deployment. WAVESHAPER.V2 is designed for persistence and lateral movement, not immediate exfiltration. Organizations that installed the malicious versions during the three-hour window may have active, dormant access waiting for activation. If your Node.js environments ran routine updates on March 31, verification is not optional.
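One concrete verification step, added here as an example for this column and not code from Elastic, Google, Microsoft, StepSecurity or the Axios project: scan the lockfile rather than the installed tree. npm writes package-lock.json from registry metadata when it resolves the dependency graph, so the postinstall hook's rewrite of the installed package.json does not touch the lockfile entry, and the lockfile still records that plain-crypto-js carried an install script. The lockfile object below is constructed for the example and is not any real project's lockfile; the version numbers and package names come from the advisories above.

```javascript
// Added example: scan an npm lockfile object (package-lock.json v2/v3 layout)
// for the compromised Axios releases and the injected dropper package.
// Not code from Elastic, Google, Microsoft, StepSecurity or the Axios project.

// Versions named in the advisories. A null value means "flag any version".
const KNOWN_BAD = new Map([
  ['axios', new Set(['1.14.1', '0.30.4'])],
  ['plain-crypto-js', null], // the dropper; there is no legitimate reason for it to be present
]);

// Constructed sample lockfile (not from a real project). It mixes a
// compromised top-level axios with an unaffected nested copy.
const SAMPLE_LOCK = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0', dependencies: { axios: '^1.14.0' } },
    'node_modules/axios': {
      version: '1.14.1',
      resolved: 'https://registry.npmjs.org/axios/-/axios-1.14.1.tgz',
      dependencies: { 'follow-redirects': '^1.15.6', 'plain-crypto-js': '^4.2.1' },
    },
    // npm records hasInstallScript from the registry manifest at resolve time,
    // before any postinstall hook runs, so the later cleanup cannot erase it.
    'node_modules/plain-crypto-js': { version: '4.2.1', hasInstallScript: true },
    'node_modules/follow-redirects': { version: '1.15.6' },
    'node_modules/legacy-tool/node_modules/axios': { version: '0.30.3' },
  },
};

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageNameFromLockPath(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Returns every lockfile entry that matches KNOWN_BAD, wherever it is nested.
function scanLockfile(lock) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    if (lockPath === '') continue; // the root project itself
    const name = entry.name || packageNameFromLockPath(lockPath);
    if (!KNOWN_BAD.has(name)) continue;
    const badVersions = KNOWN_BAD.get(name);
    if (badVersions === null || badVersions.has(entry.version)) {
      findings.push({
        name,
        version: entry.version,
        path: lockPath,
        reason: badVersions === null ? 'dropper package present' : 'known-malicious release',
      });
    }
  }
  return findings;
}

// Every dependency npm recorded as carrying an install script. Reviewing this
// list on each lockfile change catches the next dropper, whatever its name.
function listInstallScripts(lock) {
  return Object.entries(lock.packages || {})
    .filter(([lockPath, entry]) => lockPath !== '' && entry.hasInstallScript === true)
    .map(([lockPath, entry]) => ({
      name: entry.name || packageNameFromLockPath(lockPath),
      version: entry.version,
    }));
}

const findings = scanLockfile(SAMPLE_LOCK);
for (const f of findings) {
  console.log(`COMPROMISED ${f.name}@${f.version} at ${f.path}: ${f.reason}`);
}
for (const s of listInstallScripts(SAMPLE_LOCK)) {
  console.log(`install script recorded for ${s.name}@${s.version}`);
}
if (findings.length > 0) {
  console.log('Treat this host as compromised: rotate cloud, SSH, npm, signing and kubeconfig secrets.');
}
```

To run it against a real project, replace SAMPLE_LOCK with the parsed contents of package-lock.json (or npm-shrinkwrap.json) and run it in CI on every lockfile change; the install-script listing is the part worth keeping after the Axios indicators are stale, because it surfaces any new dependency that can execute code at install time regardless of its name.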
Key sources:
- https://www.elastic.co/security-labs/axios-one-rat-to-rule-them-all
- https://cloud.google.com/blog/topics/threat-intelligence/north-korea-threat-actor-targets-axios-npm-package
- https://www.microsoft.com/en-us/security/blog/2026/04/01/mitigating-the-axios-npm-supply-chain-compromise
- https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
China Breaches the FBI’s Wiretap Management System
What happened: On February 17 the FBI detected abnormal log activity in an unclassified component of its Digital Collection System Network, specifically DCS-3000, also known internally as Red Hook, the system that manages court-authorized pen register and trap-and-trace surveillance operations. The breach was formally labeled a “major incident” under FISMA, the first such designation the FBI has issued since 2020, and Congress was briefed in the first week of April. The White House, DHS, and NSA joined the investigation. Investigators suspect Salt Typhoon, a Chinese state-sponsored actor linked to China’s Ministry of State Security, though no formal public attribution has been made.
Technical details that matter: The FBI told Congress the attackers reached DCSNet by exploiting the infrastructure of a commercial ISP whose systems connect to the network — not by breaching FBI perimeter defenses directly. DCSNet interfaces with CALEA-mandated carrier infrastructure to receive lawful intercept data. The ISP in question served as a trusted vendor pathway into the network, meaning the attackers’ traffic blended with legitimate data flows and bypassed controls configured to detect unauthorized external access. The breach targeted FBI systems in the Virgin Islands, consistent with Salt Typhoon’s documented pattern of identifying lower-security nodes in a target architecture as entry points rather than attacking the hardened core directly. This is the same operational logic that guided their 2019-2024 campaign against U.S. telecoms, in which Salt Typhoon maintained persistent access inside AT&T, Verizon, and seven other carriers for up to five years before detection — in at least one case, three years of persistent access inside a single Cisco device before discovery. The structural connection between the telecom campaign and DCSNet is direct: Salt Typhoon spent years inside the carrier infrastructure that feeds surveillance data into DCSNet. The 2026 breach is the logical continuation — moving from the pipe to the system that receives and manages what flows through it. Salt Typhoon’s known tooling includes a Windows kernel-mode rootkit (Demodex) for persistent server access, though the specific tooling used in the DCSNet intrusion has not been publicly confirmed.
Why critical institutions should care: The “unclassified” label attached to this breach significantly understates its operational damage. DCS-3000 contains pen register and trap-and-trace returns — call metadata, device identifiers, and websites visited by everyone under active FBI surveillance. A foreign intelligence service with access to that data knows exactly who the FBI is currently watching, which methods are in use, and which operations are active. If any of those surveillance targets are foreign intelligence assets operating inside the United States, those assets can now alter their behavior to avoid detection. The structural lesson that extends to non-government organizations is one Salt Typhoon has been teaching for years and that the U.S. government has not acted on: the ISP and carrier infrastructure connecting your facilities is an active attack surface. CALEA mandated wiretap capability in 1994 and mandated nothing about securing it against nation-state adversaries. Senator Wyden proposed legislation to address this after the 2024 telecom breaches. It went nowhere. The same architectural gap that enabled the carrier compromises enabled this one. Your connectivity layer is not a neutral pipe.
Key sources:
- https://www.nbcnews.com/news/us-news/fbi-labels-suspected-china-hack-law-enforcement-data-major-cyber-incid-rcna266495
- https://www.hstoday.us/fbi/fbi-labels-china-linked-hack-of-surveillance-system-a-major-cyber-incident/
- https://complexdiscovery.com/fbi-classifies-chinese-breach-of-wiretap-surveillance-system-as-major-incident/
- https://www.securitymagazine.com/articles/102207-breach-of-fbi-surveillance-system-considered-a-major-incident-security-experts-weigh-in
Booking.com Reservation Breach: The Same Third-Party Hotel Partner Access Channel, the Third Time
What happened: On April 13, Booking.com notified customers that unauthorized third parties had accessed guest reservation data through compromised hotel partner systems. The breach exposed names, email addresses, phone numbers, and booking details for an undisclosed number of users. Booking.com forced PIN resets on affected reservations and confirmed no financial data was taken directly — but reservation data is not the point. The combination of accurate travel itineraries, real booking confirmation numbers, and full contact details is precisely what enables high-conversion reservation hijacking fraud: scammers impersonating hotels contacting guests about their upcoming stay and requesting re-entered payment data.
Technical details that matter: The 2023 and 2024 Booking.com fraud campaigns used infostealer malware — primarily Vidar — to harvest hotel staff credentials through socially engineered phishing emails, obtaining access to the hotel’s Booking.com administration portal and pulling reservation data for all guests at that property. Booking.com has not disclosed the 2026 attack vector, but the Malwarebytes analysis confirms the access path again ran through hotel partner accounts, not Booking.com’s own systems. This is the same architectural entry point, unmodified, for the third time. The UK’s Action Fraud received over 530 reports of Booking.com reservation hijacking scams in a 15-month window ending September 2024, with victim losses of approximately $470,000 in that window. Booking.com was previously fined roughly $560,000 by the Dutch privacy regulator in 2021 for late breach reporting. The company has not publicly disclosed the number of users affected in the 2026 incident, and at time of writing had not responded to questions about scale.
Why critical institutions should care: The operational risk here is more specific than generic identity theft. Booking.com’s platform holds the travel itineraries of government employees, corporate executives, defense contractors, and anyone else whose movements have intelligence value. A breach of reservation data combined with accurate itinerary details enables physical pre-positioning: an adversary knows where a target will be, when they arrive, and how to reach them with a message that will appear entirely legitimate. Beyond the counterintelligence dimension, the repeat nature of this breach via an unaddressed access channel is a pattern worth applying internally. Any institution that aggregates customer or partner data through third-party portal access — hospitality systems, property management platforms, vendor portals — should be asking whether the access model has been reviewed since the last incident. Booking.com has now answered that question for three consecutive years in the same way.
Key sources:
- https://www.bleepingcomputer.com/news/security/new-bookingcom-data-breach-forces-reservation-pin-resets/
- https://techcrunch.com/2026/04/13/booking-com-confirms-hackers-accessed-customers-data/
- https://www.malwarebytes.com/blog/data-breaches/2026/04/booking-com-breach-gives-scammers-what-they-need-to-target-guests
- https://skift.com/2026/04/13/booking-com-hacked-data-breach-reservations/
Update: Stryker Confirms Material Q1 Earnings Impact from March Handala Wiper Attack
Last week this column covered Handala’s wiper deployment against Stryker and the FBI’s seizure of Handala’s infrastructure. On April 10, Stryker formalized the damage in a regulatory filing: the March 11 attack had a material impact on Q1 earnings. The mechanics are now confirmed. Attackers created a new Global Administrator account after compromising a Windows domain admin, then issued remote wipe commands through Microsoft Intune, destroying nearly 80,000 devices and temporarily disabling Stryker’s electronic ordering systems. The U.K.’s National Health Service confirmed that certain Stryker orders were disrupted, requiring an interim ordering system.
The Intune vector is worth a second mention because its default detection profile is close to zero. An attacker issuing remote wipe commands through MDM generates no malware alerts, no lateral movement detections, and no anomalous binary executions. It looks identical to an authorized IT operation. CISA and Microsoft have both issued hardening guidance since the incident. Organizations running Microsoft Intune should audit Global Administrator accounts and alert on new assignments to that role, forward Intune audit events to the SIEM and alert on bulk device actions, and require a second approver for any high-impact MDM action, including remote wipe. The FBI seized two Handala-operated websites after the attack. Handala confirmed it continues to operate.
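What that detection looks like in practice, as an added example for this column and not code from Stryker, Microsoft or CISA: join the two events the incident write-up describes, a principal newly added to the Global Administrator role and that same principal then issuing remote wipe commands in bulk. The sample events below are constructed for the example, not real telemetry; their field names are assumptions loosely modeled on Entra ID directory audit logs and Intune audit events, and the thresholds are placeholders to tune against your own baseline of legitimate wipes.

```javascript
// Added example: correlate a fresh Global Administrator grant with subsequent
// Intune remote wipes, and flag bulk wipes by any actor. Not code from Stryker,
// Microsoft or CISA. Field names (source, activity, actor, target, role,
// device) are assumptions; normalize your tenant's exports into this shape.

// Constructed sample events (not real telemetry), already normalized.
const SAMPLE_EVENTS = [
  { time: '2026-03-11T02:10:00Z', source: 'entra', activity: 'Add member to role',
    actor: 'svc-helpdesk@corp.example', target: 'new-admin@corp.example', role: 'Global Administrator' },
  // Six wipes one minute apart from the newly created admin (02:40 to 02:45).
  ...Array.from({ length: 6 }, (_, i) => ({
    time: `2026-03-11T02:4${i}:00Z`, source: 'intune', activity: 'Wipe ManagedDevice',
    actor: 'new-admin@corp.example', device: `WS-${1000 + i}`,
  })),
  // A single routine wipe by a long-standing admin; should not alert.
  { time: '2026-03-11T09:00:00Z', source: 'intune', activity: 'Wipe ManagedDevice',
    actor: 'it-ops@corp.example', device: 'WS-2001' },
];

// Returns a list of alerts. Two rules:
//  1. any wipe issued by a principal granted Global Administrator within
//     newAdminWindowMs (alerted once per principal);
//  2. bulkThreshold or more wipes by one actor inside bulkWindowMs
//     (alerted once, when the threshold is first crossed).
function detectWipeAbuse(events, opts = {}) {
  const bulkThreshold = opts.bulkThreshold ?? 5;                  // placeholder threshold
  const bulkWindowMs = opts.bulkWindowMs ?? 10 * 60 * 1000;       // placeholder: 10 minutes
  const newAdminWindowMs = opts.newAdminWindowMs ?? 24 * 60 * 60 * 1000; // placeholder: 24 hours

  const sorted = [...events].sort((a, b) => Date.parse(a.time) - Date.parse(b.time));
  const grantedAt = new Map();       // principal -> time it became Global Administrator
  const recentWipes = new Map();     // actor -> wipe timestamps inside the bulk window
  const alertedNewAdmin = new Set(); // actors already alerted under rule 1
  const alerts = [];

  for (const e of sorted) {
    const t = Date.parse(e.time);
    if (e.source === 'entra' && e.activity === 'Add member to role' && e.role === 'Global Administrator') {
      grantedAt.set(e.target, t);
      continue;
    }
    if (e.source !== 'intune' || e.activity !== 'Wipe ManagedDevice') continue;

    // Rule 1: wipe by a recently granted Global Administrator.
    const granted = grantedAt.get(e.actor);
    if (granted !== undefined && t - granted <= newAdminWindowMs && !alertedNewAdmin.has(e.actor)) {
      alertedNewAdmin.add(e.actor);
      alerts.push({ rule: 'wipe-by-recently-granted-global-admin', actor: e.actor, firstDevice: e.device, time: e.time });
    }

    // Rule 2: sliding window of wipes per actor.
    const recent = recentWipes.get(e.actor) || [];
    recent.push(t);
    while (recent.length && t - recent[0] > bulkWindowMs) recent.shift();
    recentWipes.set(e.actor, recent);
    if (recent.length === bulkThreshold) {
      alerts.push({ rule: 'bulk-wipe', actor: e.actor, count: recent.length, time: e.time });
    }
  }
  return alerts;
}

for (const a of detectWipeAbuse(SAMPLE_EVENTS)) {
  console.log(`${a.time} ${a.rule} actor=${a.actor}` + (a.count ? ` count=${a.count}` : ''));
}
```

On the sample, the new admin trips rule 1 at the first wipe and rule 2 at the fifth, while the single routine wipe by it-ops produces nothing. In a SIEM this is two queries joined on the principal; the join is the point, because a wipe from a long-standing admin and a wipe from an account created an hour earlier look the same in the Intune console.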
Key sources:
- https://www.cybersecuritydive.com/news/stryker-Iran-cyberattack-material-impact-earnings/817211/
- https://www.bleepingcomputer.com/news/security/medtech-giant-stryker-fully-operational-after-data-wiping-attack/
The Pattern This Week
All three primary incidents this week share an architecture: the attacker used a trusted channel to deliver a payload or gain access that defensive tooling was not configured to question. North Korea used the npm registry’s own update mechanism. China used an ISP vendor pathway that the FBI’s network was built to trust. The Booking.com attacker used hotel portal credentials that look, from the platform’s perspective, exactly like hotel staff doing their job.
This is not a new observation. The pattern has held for long enough that it should be driving architectural decisions, not just detection tuning. The FBI DCSNet breach is the starkest version of the problem: CALEA created a mandatory attack surface in 1994, and no legislation since has required that surface to be secured against the adversaries who have now spent years systematically exploiting it. The npm ecosystem has produced high-profile compromises before, from Event-Stream (2018) to ua-parser-js (2021), and now Axios, and the trust model has not fundamentally changed. Booking.com’s hotel partner portal is the same access point it was in 2023.
Defensive architecture catches up to attacker behavior eventually. The question is how many confirmed major incidents it takes to get there.
See you next week.

