Mastodawn

The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been conducted by North Korean threat actors.

https://www.bleepingcomputer.com/news/security/axios-npm-hack-used-fake-teams-error-fix-to-hijack-maintainer-account/

Axios npm hack used fake Teams error fix to hijack maintainer account

The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been conducted by North Korean threat actors.

BleepingComputer

Show thread

Jacen Sekai

@BleepingComputer Other than the Slack workspace, this doesn't really feel all that sophisticated of an attack, and I feel like this could have been pretty easily avoided