
"The Axios maintainers said they have wiped affected systems, reset all credentials, and are implementing changes to prevent similar incidents."
"GTIG attributes this activity to UNC1069, a financially motivated North Korea-nexus threat actor active since at least 2018, based on the use of WAVESHAPER.V2."
"The attackers impersonated a legitimate company, cloned its branding and founders' likenesses, and invited the maintainer into a Slack workspace designed to impersonate the company."
North Korean hackers targeted Axios maintainers through a social engineering campaign, compromising a maintainer account. This led to the release of two malicious Axios versions on npm, which injected a remote access trojan. The malicious packages were available for three hours before removal, and systems that installed them are considered compromised. Affected maintainers have reset credentials and wiped systems. Google linked the attack to UNC1069, a financially motivated North Korean threat actor active since 2018, based on infrastructure analysis and previous activities.
Read at BleepingComputer