"The attackers used social engineering tactics previously observed in the DeceptiveDevelopment, Operation Dream Job, Contagious Interview, and ClickFake Interview campaigns."
"The campaign was likely mounted over the course of several weeks, with great attention to detail, to make the lures as convincing as possible."
"The operation takes weeks to execute and is deliberately designed to trick the intended victims into executing malware."
"All reported a similar social engineering attack as Saayman, indicating a coordinated effort targeting multiple high-profile Node.js maintainers."
The North Korean hacking group UNC1069 has been targeting Node.js maintainers through social engineering tactics. The Axios supply chain attack on March 31 involved malicious package versions published to the NPM registry, affecting over 3 million users. Axios maintainer Jason Saayman was infected with a backdoor after being lured into a fake update during a scheduled meeting. Other high-profile maintainers have reported similar attacks, indicating a coordinated campaign that emphasizes building trust and using legitimate meeting infrastructure to execute malware.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]