A three-hour window: North Korean hackers compromised the Axios library and exposed thousands of systems - Silicon Canals

"The hackers began their targeting campaign roughly two weeks before gaining control of a maintainer's computer. The playbook was patient and specific: the attackers posed as employees of a real company, created a convincing Slack workspace, and used fake employee profiles to build credibility over multiple interactions."
"The final step was a web meeting invitation that prompted the target to download what appeared to be a software update required to join the call. The download was malware. It granted the attackers remote access to the system."
"Once inside, the hackers published two poisoned Axios packages that could steal private keys, credentials, and passwords from any system that installed them. Two weeks of work. Three hours of exposure."
In March, North Korean hackers targeted Axios, a widely used JavaScript library, through social engineering. Over roughly two weeks they built credibility with fake employee profiles and a convincing Slack workspace, then sent a web meeting invitation that prompted the maintainer to download malware disguised as a software update, which gave them remote access to the maintainer's computer. Once inside, they published two poisoned Axios packages that could steal private keys, credentials, and passwords. The malicious packages were live for about three hours before being removed, potentially exposing many systems that installed updates during that time.
Read at Silicon Canals