'... Axios lead maintainer Jason Saayman explained that the hackers had infected his computer with a backdoor roughly two weeks before.

'After inviting Saayman to a Slack workspace, the hackers scheduled a meeting on Microsoft Teams. When joining the meeting, the maintainer received an error message and was instructed to install a fake update that infected his system with the RAT.

'UNC1069, the North Korean hacking group blamed for the Axios supply chain attack, is now using similar social engineering tactics in a campaign targeting multiple high-profile Node.js maintainers.

'The operation takes weeks to execute and is deliberately designed to feel unremarkable. Attackers build rapport over time, schedule calls in advance and reschedule them, and conduct themselves with the professionalism of a legitimate business contact'.
https://www.securityweek.com/north-korean-hackers-target-high-profile-node-js-maintainers/