[CDP-development] FW: [TLP:AMBER+STRICT] Axios Node Package Manager Compromise IOCs

Galusha, Kevin KGalusha at clackamas.us
Tue Apr 28 10:25:12 PDT 2026


Disruptors,

Forwarding on behalf of Leslie.

Kevin Galusha, CISSP
Cybersecurity Architect
Clackamas County Technology Services
(503)723-4960
KGalusha at clackamas.us
www.clackamas.us

From: Kainoa, Leslie <leslie.kainoa at cisa.dhs.gov>
Sent: Tuesday, April 28, 2026 9:54 AM
To: Galusha, Kevin <KGalusha at clackamas.us>
Subject: Fw: [TLP:AMBER+STRICT] Axios Node Package Manager Compromise IOCs

Hi Kevin,
Forwarding to share with the Cyber Disruptors.  Thank you!

Respectfully,
Leslie

________________________________
From: cyberliaisonsltt at cisa.dhs.gov <cyberliaisonsltt at cisa.dhs.gov>
Sent: Tuesday, April 28, 2026 9:40 AM
To: CISA.IOD.REGION_All <cisa.iod.region_all at cisa.dhs.gov>
Subject: [TLP:AMBER+STRICT] Axios Node Package Manager Compromise IOCs




TLP:AMBER+STRICT



Greetings SLTT Partners,



CISA is sharing some indicators of compromise with your organizations to hunt for any potential malicious activity stemming from the Axios npm compromise. Please review the guidance outlined in our alert<https://www.cisa.gov/news-events/alerts/2026/04/20/supply-chain-compromise-impacts-axios-node-package-manager> released on April 20th for concrete mitigation actions your organizations can take to reduce your risk to this activity.





Sincerely,




CyberLiaison SLTT

Cybersecurity and Infrastructure Security Agency (CISA)

Cybersecurity Division | Joint Cyber Defense Collaboration (JCDC)

SLTT Partnerships | CyberLiaisonSLTT at cisa.dhs.gov



https://www.cisa.gov/tlp



Recipients may share TLP:AMBER+STRICT information only with members of their own organization on a need-to-know basis to protect their organization and prevent further harm.