Wow, fake slack and fake Teams update in the npm hack...
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been conducted by North Korean threat actors.
@ai6yr wow this social engineering attack should be made a major motion picture!
"The attackers then scheduled a meeting on Microsoft Teams that appeared to include numerous people.
During the call, a technical error was displayed, claiming that something on the system was out of date, prompting the maintainer to install a Teams update to fix the error." (The update was a trojan.)
@ai6yr can you imagine being the guy targeted for this?
He probably got a bad feeling in the middle of all of it but figured there was no way there was a fake slack, fake channels, fake profiles, than a fake team's call with a fake technical problem and a fake update which let them steal his credentials.
AI6YR Ben
Jonathan
qurlyjoe