I wrote some words for TechCrunch about how North Korean hackers took weeks to hack the top developer of one of the web's most popular open-source projects, Axios. Increasingly difficult to defend against well-resourced and persistent hackers when you're a small team or lone developer.

https://techcrunch.com/2026/04/06/north-koreas-hijack-of-one-of-the-webs-most-used-open-source-projects-was-likely-weeks-in-the-making/

North Korea's hijack of one of the web's most used open source projects was likely weeks in the making | TechCrunch

North Korean hackers pushed out malicious updates to a popular open source project by hacking a top developer's computer in a long-running campaign.

TechCrunch
@zackwhittaker From what I learned so far, the xz hack took like 2 years in the making. Perhaps this maintainer had a lower threshold. The FOSS movement is seriously threatened at this point.

@zackwhittaker I find it hard to say "difficult to defend" when the dev was pwn'd by a fake Teams popup. We can't just be out here clicking the reddest of red flags.

Then again maybe the world needs a refresher on computing self defense if everyone is this fast to click a popup.

@zackwhittaker We found this campaign is far more widespread than just Axios - tons of high-impact Node.js package maintainers are actively being targeted right now with the same playbook. Some have gotten frighteningly close to getting compromised: https://socket.dev/blog/attackers-hunting-high-impact-nodejs-maintainers
Attackers Are Hunting High-Impact Node.js Maintainers in a C...

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

Socket