An NPM supply-chain attack campaign, dubbed IconBurst, has been seen leveraging several malicious NPM modules to infect hundreds of systems. Researchers have observed similarities between the domains used to exfiltrate information implying that the different modules used in this campaign are controlled by a single threat actor.