The Cybersecurity and Infrastructure Security Agency on Monday released guidance related to the axios supply chain compromise originally disclosed in late March.
A suspected North Korean actor compromised the node package manager account for an axios maintainer last month. Axios is a Javascript library used widely across the software industry with millions of downloads per week.
CISA is urging security teams to monitor and review code depositories as well as continuous integration/continuous delivery pipelines that ran npm install or npm update on the compromised axios version, according to the guidance released Monday.
Security teams should search for cached versions of the affected dependencies in artifact repositories along with dependency management tools, according to the guidance.
If compromised dependencies are found during the search, organizations should revert the environment back to a known safe state, CISA said.
Any credentials that may have been exposed on an affected system or pipeline should be rotated or revoked, it added.
Security teams should also monitor for any anomalous behavior or unexpected child processes.
