Threat Intelligence

ESET's May 2026 APT Report: Oil Shipments, Drone Makers, and a Poisoned npm Library

ESET's APT Activity Report (May 28, 2026) maps China-, North Korea-, Russia-, and Iran-aligned operations from October 2025 to March 2026 — including BlueNoroff's compromise of the axios npm package, a textbook supply-chain espionage event.

Safeguard Research Team

On 28 May 2026, ESET Research published its latest APT Activity Report, covering state-aligned operations observed in its telemetry from October 2025 through March 2026. Periodic vendor roundups like this one are valuable precisely because they are not single-incident reports: they show how multiple nation-state programs evolved in parallel over a defined window, which campaigns persisted, and which targets the major sponsors prioritized. For defenders building a threat model, the cross-actor view is often more actionable than any one disclosure.

Three threads dominate ESET's reporting period. China-aligned groups expanded espionage tied to Beijing's economic and security interests: maritime, energy, and political visibility abroad. North Korea's Lazarus umbrella continued to industrialize attacks on developers and cryptocurrency targets, including a software supply-chain compromise of the widely used axios npm package that belongs in every supply-chain security briefing. Russia-aligned groups pressed destructive and espionage operations against Ukraine. Iran-aligned activity was shaped by the regional conflict that began in late February 2026.

This post summarizes ESET's findings, separates verified observations from inference, and pulls out the actions that matter most — with particular attention to the npm supply-chain event, which sits squarely at the intersection of nation-state espionage and the software supply chain. Attributions throughout are ESET's assessments; we report them as such.

TL;DR

  • ESET's APT Activity Report (28 May 2026) covers state-aligned operations from October 2025 to March 2026 across China-, North Korea-, Russia-, and Iran-aligned actors.
  • North Korea's BlueNoroff compromised the axios npm package (a JavaScript HTTP client with roughly 100 million weekly downloads) via maintainer social engineering and a trojanized update to harvest npm tokens and publish malicious versions.
  • China-aligned groups (FamousSparrow, SteppeDriver, NegativeGlimmer) targeted a Venezuelan maritime entity tracking oil shipments, a Syrian government network, and a South Korean AI/robotics firm, among others.
  • Russia-aligned Sednit and Sandworm deployed implants and wipers (Covenant, BeardShell, ZeroRays, NAUGHTYWIPE) against Ukrainian military and drone manufacturers, with a December 2025 attack on a Polish energy company attributed with medium confidence.
  • Iran-aligned clusters (Rusty Boots, MoKhargosh, MOØN Badr) ran wiper and espionage activity focused on Israeli targets.
  • Key action: the axios event is the highest-leverage item for most readers. Pin dependencies, verify provenance, and detect malicious package versions fast — supply-chain espionage now reaches you through your build, not just your inbox.

What happened

ESET's report is a structured roundup. We group the most concrete claims by sponsor, presenting them as ESET's assessments.

North Korea (Lazarus umbrella)

  • BlueNoroff compromised the axios npm package. ESET describes the operation as impersonating a company founder via a fake Slack workspace and pushing a trojanized software update to harvest npm tokens, which were then used to publish malicious package versions. Axios is a JavaScript HTTP client downloaded roughly 100 million times per week, making it a high-leverage target. (Industry reporting on the same incident noted Google's Threat Intelligence Group linked related activity to a North Korea-aligned cluster, and that malicious versions were removed within hours of publication.)
  • Andariel deployed TigerRAT and Rook ransomware against a South Korean liquid-hydrogen equipment manufacturer.
  • Operation DreamJob targeted South Korean newspapers and pharmaceutical firms, after previously hitting European drone makers.
  • ScarCruft compromised a gaming platform to collect intelligence on North Korean refugees.

China-aligned

  • FamousSparrow targeted a Venezuelan maritime government entity involved in oil-shipment monitoring.
  • SteppeDriver compromised a Syrian government network.
  • NegativeGlimmer hit Cambodian and Panamanian government entities and a South Korean AI/robotics company, with ESET assessing intellectual-property theft as the motive.

ESET frames the China-aligned expansion as tracking Beijing's interest in maritime, energy, and political developments abroad following regional instability.

Russia-aligned

  • Sednit deployed the Covenant and BeardShell implants against Ukrainian military targets and drone manufacturers.
  • Sandworm deployed the ZeroRays and NAUGHTYWIPE wipers, and ESET attributes a December 2025 attack on a Polish energy company (using DynoWiper) to the group with medium confidence.

Iran-aligned

ESET describes three clusters with Iranian characteristics that it did not firmly attribute: Rusty Boots (a bootkit-style wiper against Israeli device manufacturers), MoKhargosh (the GoKhargosh backdoor, compromising 130-plus systems), and MOØN Badr (a small espionage campaign against Israeli targets).

Deep dive: the axios npm supply-chain compromise

Of everything in ESET's report, the axios compromise is the item most likely to have touched a reader's own environment, so it deserves the closest look.

The mechanics, as reported, are a maintainer-takeover supply-chain attack. Rather than finding a vulnerability in axios, the actor went after the human who controls its publishing rights: social engineering through a fake collaboration workspace, a trojanized update that captured npm tokens, and then use of those tokens to publish malicious package versions to the registry. Anyone who installed or built against the bad versions during the exposure window pulled attacker code into their pipeline, with no exploit required on the victim's side; the registry served the versions as legitimate because, from its point of view, they were published by the legitimate maintainer's token.

The reason this is so dangerous is reach. A package downloaded on the order of 100 million times a week sits transitively inside an enormous share of JavaScript projects, cloud functions, and build systems. Industry reporting on the incident noted the malicious versions were removed within roughly three hours, but supply-chain compromises have a long tail: infected versions can persist in lockfiles, caches, mirrors, and downstream artifacts long after the registry is cleaned. A short publication window does not mean a short exposure window.

The attack flow, as a non-functional sketch for explanation only:

# Illustrative maintainer-takeover supply-chain flow (not functional)
1. Social-engineer maintainer  ──►  capture npm publish token
2. Publish malicious axios@x.y.z  ──►  registry serves bad version
3. Victim CI runs `npm install` ──►  bad version enters build
4. Postinstall / runtime payload ──►  token + secret harvesting
5. Version yanked after ~3h     ──►  but persists in lockfiles/caches

This is supply-chain espionage in its purest form: a nation-state actor reaching thousands of downstream organizations through a single trusted dependency, the same structural pattern as historical software supply-chain incidents, but executed against an open-source registry rather than a commercial vendor's update channel.

What detection looks like

For the npm/supply-chain thread:

  • Pin and verify dependencies. Lockfiles plus integrity hashes mean an unexpected version or hash mismatch is a detectable event, not a silent swap. Two caveats: the protection only holds if CI installs strictly from the lockfile (npm ci fails when the lockfile and package.json disagree, whereas npm install may resolve a new version), and an integrity hash proves a tarball is the one the registry served, not that the version is benign, so the pin on a reviewed version is what keeps a freshly published malicious release out.
  • Alert on dependency version churn for critical packages. A sudden new version of a foundational package like axios, especially a fast publish-then-yank, warrants automated review before it reaches a build.
  • Monitor for token and secret access during installs. Postinstall scripts or runtime code reaching for npm tokens, cloud credentials, or environment secrets is a strong indicator.
  • Maintain an SBOM and diff it. Knowing exactly which package versions are in your artifacts lets you answer "were we exposed?" in minutes, not days.

For the broader APT threads:

  • Wiper and destructive-tooling indicators (ZeroRays, NAUGHTYWIPE, DynoWiper, Rusty Boots) — prioritize backup integrity and offline recovery for any organization in scope (energy, manufacturing, Ukraine/Israel-adjacent operations).
  • Implant and RAT signatures (TigerRAT, Covenant, BeardShell, GoKhargosh) — ingest ESET's published IOCs into EDR and SIEM.
  • DreamJob-style lures — recruitment-themed social engineering against developers and engineers, consistent with North Korean tradecraft.

Illustrative SBOM-diff check (pseudocode; adapt to your tooling):

# Illustrative — flag a critical dependency changing version unexpectedly.
ALERT WHEN
  sbom.diff(package="axios")
  AND new_version NOT IN approved_versions
  AND time_since_publish < 72h
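The pseudocode rule above, and the pin-and-verify, version-churn and SBOM bullets before it, can be implemented as a small Node script run in CI. The following is an added example written for this post, not ESET's code and not anything from the axios project. It walks a lockfileVersion 2/3 package-lock.json for every copy of a named package (hoisted or nested), and flags known-bad versions, versions outside an approved set, integrity hashes that differ from a pinned allowlist, and versions published within the last 72 hours. It assumes the npm registry's real `time` map (version to ISO 8601 publish timestamp) for the churn check; every version number, hash, timestamp and package name in the inputs is constructed for the demo and is not real advisory data.

```javascript
// Added example, not ESET's or the original post's code: audit a
// package-lock.json (lockfileVersion 2 or 3) for every copy of a critical
// package, hoisted or nested, and flag known-bad versions, versions outside
// the approved set, integrity hashes that differ from a pinned allowlist, and
// versions published too recently to have been reviewed. Every version,
// hash and timestamp below is constructed for the demo, not real advisory data.

const HOURS = 60 * 60 * 1000;

// Constructed policy for the package under review. `approved` maps reviewed
// versions to the integrity value recorded from a previously verified install.
const POLICY = {
  name: 'axios',
  approved: { '1.9.0': 'sha512-EXAMPLEHASHFORAPPROVEDAXIOS190==' },
  knownBad: new Set(['1.9.1']),   // versions pulled after a malicious publish (constructed)
  maxPublishAgeHours: 72,
};

// Constructed subset of the registry's package document. The real npm registry
// exposes a `time` map of version -> ISO 8601 publish timestamp.
const REGISTRY_META = {
  time: { '1.9.0': '2026-01-10T12:00:00.000Z', '1.9.1': '2026-03-02T09:15:00.000Z' },
};

// Constructed lockfile: a hoisted copy plus a nested copy pulled in by another
// dependency, which a check of the top-level entry alone would miss.
const LOCKFILE = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { axios: '^1.9.0', 'some-sdk': '^2.0.0' } },
    'node_modules/axios': {
      version: '1.9.0',
      resolved: 'https://registry.npmjs.org/axios/-/axios-1.9.0.tgz',
      integrity: POLICY.approved['1.9.0'],
    },
    'node_modules/some-sdk': {
      version: '2.0.0',
      resolved: 'https://registry.npmjs.org/some-sdk/-/some-sdk-2.0.0.tgz',
      integrity: 'sha512-EXAMPLEHASHFORSOMESDK200==',
    },
    'node_modules/some-sdk/node_modules/axios': {
      version: '1.9.1',
      resolved: 'https://registry.npmjs.org/axios/-/axios-1.9.1.tgz',
      integrity: 'sha512-EXAMPLEHASHFORUNREVIEWEDAXIOS191==',
    },
  },
};

// Every lockfile entry for `name`, whatever its nesting depth.
function findPackageEntries(lock, name) {
  if (!lock.packages) throw new Error('lockfileVersion 2 or 3 required (no "packages" map)');
  const suffix = 'node_modules/' + name;
  return Object.entries(lock.packages)
    .filter(([path]) => path === suffix || path.endsWith('/' + suffix))
    .map(([path, entry]) => ({ path, version: entry.version, integrity: entry.integrity }));
}

// Reasons one entry violates policy; an empty list means clean.
function evaluateEntry(entry, policy, registryMeta, now) {
  const reasons = [];
  if (policy.knownBad.has(entry.version)) reasons.push('known-bad version');
  const pinned = policy.approved[entry.version];
  if (pinned === undefined) reasons.push('version not in approved set');
  else if (entry.integrity !== pinned) reasons.push('integrity differs from pinned hash');
  const published = registryMeta.time && registryMeta.time[entry.version];
  if (!published) {
    reasons.push('no publish timestamp for this version in registry metadata');
  } else {
    const ageHours = (now - Date.parse(published)) / HOURS;
    if (ageHours < policy.maxPublishAgeHours) reasons.push(`published ${ageHours.toFixed(1)}h ago`);
  }
  return reasons;
}

// Entries of the policy's package that need review, with their reasons.
function auditLockfile(lock, policy, registryMeta, now = Date.now()) {
  return findPackageEntries(lock, policy.name)
    .map((e) => ({ ...e, reasons: evaluateEntry(e, policy, registryMeta, now) }))
    .filter((e) => e.reasons.length > 0);
}

// Fixed clock so the demo is deterministic: 24h after the constructed 1.9.1 publish.
const NOW = Date.parse('2026-03-03T09:15:00.000Z');
for (const f of auditLockfile(LOCKFILE, POLICY, REGISTRY_META, NOW)) {
  console.log(`${f.path}@${f.version}: ${f.reasons.join('; ')}`);
}
```

Run against the constructed lockfile, the hoisted 1.9.0 copy passes and the nested 1.9.1 copy is reported with three reasons (known-bad, not approved, published 24 hours ago). In a real pipeline, read package-lock.json from disk, fetch the registry document for the `time` map, and fail the build on any finding; the same walk over `packages` is what an SBOM diff performs, so the output doubles as the "were we exposed?" answer for CI caches and built artifacts.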

What to do Monday morning

Ordered by urgency:

  1. Audit your dependency tree for the affected axios versions. Diff lockfiles, CI caches, and built artifacts against the versions identified as malicious, checking nested copies as well as the hoisted one, since a package can appear several times in one tree; rebuild and re-pin to a verified-clean release. Clear poisoned versions from internal mirrors and caches.
  2. Rotate npm tokens and CI secrets that could have been exposed in any pipeline that installed a bad version during the exposure window. Treat every secret readable by the install process, including CI environment variables, as compromised rather than waiting for proof of exfiltration.
  3. Generate or refresh an SBOM for your critical applications so you can answer exposure questions fast, now and for the next incident.
  4. Harden registry-facing trust: enforce lockfile integrity, restrict postinstall scripts where feasible, and require review for new versions of foundational dependencies.
  5. For destructive-threat exposure (energy, manufacturing, Ukraine/Israel-adjacent), validate offline, immutable backups and rehearse recovery.
  6. Ingest ESET's published IOCs across the named families into detection tooling, and brief engineering teams on DreamJob-style recruitment lures.
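Step 4 above (enforce lockfile integrity, restrict postinstall scripts, require review for new versions of foundational dependencies) can be turned into a single CI gate. The following is an added example written for this post, not code from ESET, the axios project or any other project. It assumes the real lockfileVersion 2/3 `packages` layout and the real npm config keys `ignore-scripts` and `registry`; the allowed-host list, the "foundational" package list, and all lockfile, package.json and .npmrc contents are constructed for the demo, and the weak inputs are shown next to a hardened set that passes.

```javascript
// Added example, not the original post's or any project's code: a CI gate for
// lockfile hygiene. It checks that every package-lock.json entry carries a
// sha512 integrity hash and resolves to an allowed registry host, that
// foundational dependencies are pinned to exact versions in package.json, and
// that .npmrc disables lifecycle scripts. All inputs below are constructed.

const FOUNDATIONAL = ['axios'];               // packages that need review for any new version (assumed list)
const ALLOWED_HOSTS = ['registry.npmjs.org']; // add your internal mirror here (assumed list)

// Minimal .npmrc parser: key=value lines, '#' and ';' comments.
function parseNpmrc(text) {
  const cfg = {};
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq === -1) continue;
    cfg[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return cfg;
}

// Exact semver (optionally with a prerelease tag); ranges like ^1.9.0 fail.
function isExactVersion(range) {
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(range);
}

// Returns a list of policy violations; an empty list means the repo passes.
function checkLockfilePolicy({ lock, pkg, npmrc, allowedHosts = ALLOWED_HOSTS, foundational = FOUNDATIONAL }) {
  const violations = [];

  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '' || entry.link) continue; // root project and workspace symlinks carry no tarball
    if (typeof entry.integrity !== 'string' || !entry.integrity.startsWith('sha512-')) {
      violations.push(`${path}: missing or weak integrity hash`);
    }
    let host = null;
    try { host = new URL(entry.resolved).host; } catch (_) { /* absent or not a URL */ }
    if (!host || !allowedHosts.includes(host)) {
      violations.push(`${path}: resolved outside allowed registries (${entry.resolved})`);
    }
  }

  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  for (const name of foundational) {
    if (name in deps && !isExactVersion(deps[name])) {
      violations.push(`package.json: ${name} uses range "${deps[name]}"; pin an exact reviewed version`);
    }
  }

  if (parseNpmrc(npmrc)['ignore-scripts'] !== 'true') {
    violations.push('.npmrc: ignore-scripts is not enabled; lifecycle scripts run on install');
  }
  return violations;
}

// Constructed "before" state: sha1 integrity, an unlisted mirror, a caret range, scripts enabled.
const WEAK = {
  lock: {
    lockfileVersion: 3,
    packages: {
      '': { name: 'demo-app' },
      'node_modules/axios': {
        version: '1.9.0',
        resolved: 'https://registry.npmjs.org/axios/-/axios-1.9.0.tgz',
        integrity: 'sha1-EXAMPLEWEAKHASH=',
      },
      'node_modules/left-util': {
        version: '0.1.0',
        resolved: 'https://mirror.example.net/left-util/-/left-util-0.1.0.tgz',
        integrity: 'sha512-EXAMPLEHASHFORLEFTUTIL010==',
      },
    },
  },
  pkg: { dependencies: { axios: '^1.9.0', 'left-util': '0.1.0' } },
  npmrc: 'registry=https://registry.npmjs.org/\n',
};

// Constructed "after" state with each violation corrected.
const HARDENED = {
  lock: {
    lockfileVersion: 3,
    packages: {
      '': WEAK.lock.packages[''],
      'node_modules/axios': { ...WEAK.lock.packages['node_modules/axios'], integrity: 'sha512-EXAMPLEHASHFORAXIOS190==' },
      'node_modules/left-util': { ...WEAK.lock.packages['node_modules/left-util'], resolved: 'https://registry.npmjs.org/left-util/-/left-util-0.1.0.tgz' },
    },
  },
  pkg: { dependencies: { axios: '1.9.0', 'left-util': '0.1.0' } },
  npmrc: 'registry=https://registry.npmjs.org/\nignore-scripts=true\n',
};

console.log('weak:', checkLockfilePolicy(WEAK));       // four violations
console.log('hardened:', checkLockfilePolicy(HARDENED)); // []
```

Pair the gate with npm ci rather than npm install in CI, so the install fails instead of silently resolving a new version when the lockfile and package.json disagree. Setting ignore-scripts=true disables lifecycle scripts for every package, which is the point; the few native modules that genuinely need a build step should get it in an explicit, reviewed follow-up command rather than implicitly at install time.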

Why this keeps happening

The cross-actor view ESET provides shows a consistent structural truth: nation-state programs increasingly reach their targets through trust relationships rather than perimeter breaches. North Korea targets the open-source registries every developer depends on. China-aligned groups target the maritime and energy entities whose data feeds national decision-making. Russia targets the manufacturers and utilities tied to a war. In each case the path runs through a trusted component — a package, a supplier, a signed binary — because that path scales and because defenders under-instrument it.

The axios case is the clearest illustration. The open-source supply chain is a shared dependency for the entire industry, maintained largely by volunteers, with publishing rights protected by individual accounts. A single maintainer takeover converts that shared trust into mass exposure. This is not a vulnerability that a patch fixes; it is a property of how the ecosystem distributes trust.

The structural fix

For the supply-chain thread, the leverage is in provenance and reachability. Tracking exactly what is in your software via SBOM lets you answer exposure questions in minutes when the next foundational package is poisoned. Reachability analysis distinguishes a dependency that is merely present from one whose malicious code your application would actually execute, which is what separates "we had the version" from "we ran the payload". Verifying build and package integrity via SLSA provenance and Sigstore raises the cost of slipping a malicious version through, and maintainer-takeover detection and typosquatting defense target exactly the registry-trust abuse BlueNoroff used here. None of this prevents a state actor from trying; it shortens the time between a poisoned publish and your awareness of it, and narrows what that poison can reach.

What we know we don't know

ESET's attributions are vendor assessments based on its telemetry, with explicit confidence qualifiers in places (the Polish energy attack is medium-confidence). Telemetry-based roundups are shaped by where the vendor has visibility, so absence of an actor or region in the report does not imply inactivity. For the axios incident specifically, the exact method of the initial maintainer compromise and the full count of downstream organizations that executed the malicious code are not fully public; industry reporting offered ranges (e.g., malicious versions observed in a small percentage of scanned environments) rather than confirmed totals. Treat the campaigns and IOCs as well-grounded and the precise scope figures as estimates.
