North Korea behind social engineering attack on Axios project
Briefly

"Unfortunately, I fell victim to a fairly well-known (though not to me) social engineering attack, in which a group posed as someone interested in collaborating on open source or something similar. This led to my account being hacked."
"According to Google, UNC1069 is responsible for the attack. That group is financially motivated and primarily targets crypto companies, as Google describes in an analysis published in February."
"The pattern of hijacking maintainer accounts to publish malicious npm packages is not new. In September 2025, the popular packages Chalk and Debug were already compromised following a phishing attack on a maintainer account."
The Axios maintainer's account was taken over by the North Korean group UNC1069 through a social engineering attack. This led to the publication of compromised versions that installed a Remote Access Trojan on various operating systems. The maintainer detailed the attack on GitHub, explaining that he was deceived by individuals posing as collaborators. UNC1069 has been active since 2018, primarily targeting crypto companies and employing AI tools for social engineering. Following the incident, the maintainer reset his accounts and improved his security practices.
Read at Techzine Global