North Korean Hackers Target Axios Maintainer in Sophisticated Supply Chain Attack
The maintainer of the popular Axios npm package was the victim of a highly targeted social engineering campaign, resulting in a supply chain compromise. Threat actors, identified as UNC1069 with links to North Korea, successfully published trojanized versions of the package, highlighting the increasing risk to open-source ecosystems.

The maintainer of the **Axios** npm package has confirmed a supply chain compromise stemming from a targeted social engineering attack attributed to North Korean threat actors tracked as **UNC1069**.
### A Carefully Crafted Deception
**Jason Saayman**, the maintainer, stated that the attackers tailored their efforts specifically to him, initially posing as the founder of a legitimate company. They cloned the founder's likeness and the company's branding.
"They had cloned the company's founders' likeness as well as the company itself," Saayman said in a post-mortem. "They then invited me to a real Slack workspace. This workspace was branded to the company's CI and named in a plausible manner. The Slack [workspace] was thought out very well; they had channels where they were sharing LinkedIn posts."
### Compromise via Fake Update
The attackers scheduled a meeting on **Microsoft Teams**. During the call, Saayman was presented with a fake error message indicating an outdated system component. Triggering the update led to the deployment of a remote access trojan.
This trojan granted the attackers access to steal npm account credentials, enabling them to publish two trojanized versions of the Axios npm package (1.14.1 and 0.30.4) containing an implant named WAVESHAPER.V2.
"Everything was extremely well coordinated, looked legit, and was done in a professional manner," Saayman added.

*Source: **Kaspersky***
### Echoes of Past Campaigns
The attack chain shares similarities with tactics associated with UNC1069 and BlueNoroff. Previous campaigns, documented by **Huntress** and Kaspersky (under the name GhostCall), involved displaying fake error messages during calls and prompting users to download malicious Zoom or Teams SDKs via ClickFix-like pop-ups.
These actions led to the execution of AppleScript (for macOS) or PowerShell (for Windows) scripts.
### CosmicDoor and SilentSiphon
A malicious payload deployed in these attacks is a Nim-based macOS backdoor (or a Go variant for Windows) called CosmicDoor. This backdoor delivers a comprehensive stealer suite dubbed SilentSiphon to capture credentials from web browsers, password managers, and secrets related to GitHub, GitLab, Bitbucket, npm, Yarn, Python pip, RubyGems, Rust Cargo, and .NET NuGet.
### Evolving Threat Landscape
"Historically, [...] these specific guys have gone after crypto founders, VCs, public people," security researcher Taylor Monahan said. "They social engineer them and take over their accounts and target the next round of people. This evolution to targeting [OSS maintainers] is a bit concerning in my opinion."
### Mitigation Steps
Saayman has outlined several preventive measures, including resetting all devices and credentials, setting up immutable releases, adopting an OIDC flow for publishing, and updating GitHub Actions to align with best practices.
### The Growing Risk to Open Source
These findings underscore the increasing trend of sophisticated attacks targeting open-source project maintainers. By compromising maintainers, attackers can effectively target downstream users at scale by publishing poisoned versions of widely used packages.
With Axios attracting nearly 100 million weekly downloads and being heavily integrated within the JavaScript ecosystem, the potential impact of such a supply chain attack is significant, propagating rapidly through direct and transitive dependencies.
"A package as widely used as Axios being compromised shows how difficult it is to reason about exposure in a modern JavaScript environment," **Socket's** Ahmad Nassri said. "It is a property of how dependency resolution in the ecosystem works today."
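An added example, not from the article or the Axios project, of the exposure check the passage above calls for: it walks a `package-lock.json` (lockfile versions 1, 2 and 3), including nested `node_modules` entries, and reports every install location of the two trojanized axios versions named above, flagging the transitive ones. The sample lockfile and the `some-sdk` and `@acme/legacy` package names are constructed for the demonstration.

```javascript
"use strict";

// The two trojanized axios releases named in the article.
const COMPROMISED = { axios: new Set(["1.14.1", "0.30.4"]) };

// Walks lockfileVersion 2/3 "packages" (flat, keyed by install path) and
// lockfileVersion 1 "dependencies" (nested). Returns one record per install
// location, so a bad version pulled in only transitively is still reported.
function findCompromised(lock, compromised = COMPROMISED) {
  const hits = [];
  const record = (name, version, path) => {
    const bad = compromised[name];
    if (bad && bad.has(version)) {
      // More than one "node_modules/" segment means a nested (transitive) install.
      hits.push({ name, version, path, transitive: path.split("node_modules/").length > 2 });
    }
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // root project entry, not a dependency
      // Package name is whatever follows the last "node_modules/" (handles @scope/name).
      const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
      record(name, meta.version, path);
    }
  } else if (lock.dependencies) {
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        record(name, meta.version, path);
        if (meta.dependencies) walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample (v3 lockfile): the app pins a safe axios, but two made-up
// dependencies nest the trojanized releases where a top-level check would miss them.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.13.0" },
    "node_modules/some-sdk": { version: "2.0.0" },
    "node_modules/some-sdk/node_modules/axios": { version: "1.14.1" },
    "node_modules/@acme/legacy": { version: "0.1.0" },
    "node_modules/@acme/legacy/node_modules/axios": { version: "0.30.4" },
  },
};

if (typeof require !== "undefined" && require.main === module) {
  const file = process.argv[2]; // usage: node audit-lock.js [path/to/package-lock.json]
  const lock = file ? JSON.parse(require("fs").readFileSync(file, "utf8")) : SAMPLE_LOCK;
  const hits = findCompromised(lock);
  for (const h of hits) console.log(`${h.name}@${h.version} at ${h.path}${h.transitive ? " (transitive)" : ""}`);
  if (file && hits.length) process.exitCode = 1; // fail CI only when a real lockfile is dirty
}
```

Run it against a real lockfile with `node audit-lock.js package-lock.json`; a non-zero exit means at least one install location resolves to a trojanized version.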