Close Menu
    What's Hot

    The great AI layoff is turning into the great AI rehire

    Trump Says His Thursday Speech Will Focus on Election Security and Voting Machines

    How the failed 2016 coup reshaped Turkiye’s civil-military relations | Turkey Attempted Coup News

    Facebook X (Twitter) Instagram
    Trending
    • The great AI layoff is turning into the great AI rehire
    • Trump Says His Thursday Speech Will Focus on Election Security and Voting Machines
    • How the failed 2016 coup reshaped Turkiye’s civil-military relations | Turkey Attempted Coup News
    • Wayfair Coupons: Up to 80% Off July 2026
    • Today on Sky Sports Racing: Bath, Lingfield, Yarmouth and Uttoxeter | Racing News
    • OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials
    • Years After He Quit Smoking, a Lung Cancer Scan Saved His Life
    • South China Sea Nine-Dash Line Ruling, 10 Years On
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

    adminBy adminApril 3, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Ravie LakshmananApr 03, 2026Threat Intelligence / Malware

    UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

    The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069.

    Maintainer Jason Saayman said the attackers tailored their social engineering efforts “specifically to me” by first approaching him under the guise of the founder of a legitimate, well-known company.

    “They had cloned the company’s founders’ likeness as well as the company itself,” Saayman said in a post-mortem of the incident. “They then invited me to a real Slack workspace. This workspace was branded to the company’s CI and named in a plausible manner. The Slack [workspace] was thought out very well; they had channels where they were sharing LinkedIn posts.”

    Cybersecurity

    Subsequently, the threat actors are said to have scheduled a meeting with him on Microsoft Teams. Upon joining the fake call, he was presented with a fake error message that stated “something on my system was out of date.” As soon as the update was triggered, the attack led to the deployment of a remote access trojan.

    The access afforded by the Trojan enabled the attackers to steal the npm account credentials necessary to publish two trojanized versions of the Axios npm package (1.14.1 and 0.30.4) containing an implant named WAVESHAPER.V2.

    “Everything was extremely well coordinated, looked legit, and was done in a professional manner,” Saayman added.

    The attack chain described by the project maintainer shares extensive overlaps with tradecraft associated with UNC1069 and BlueNoroff. Details of the campaign were extensively documented by Huntress and Kaspersky last year, with the latter tracking it under the moniker GhostCall.

    “Historically, […] these specific guys have gone after crypto founders, VCs, public people,” security researcher Taylor Monahan said. “They social engineer them and take over their accounts and target the next round of people. This evolution to targeting [OSS maintainers] is a bit concerning in my opinion.”

    As preventive steps, Saayman has outlined several changes, including resetting all devices and credentials, setting up immutable releases, adopting OIDC flow for publishing, and updating GitHub Actions to adopt best practices.

    The findings demonstrate how open-source project maintainers are increasingly becoming the target of sophisticated attacks, effectively allowing threat actors to target downstream users at scale by publishing poisoned versions of highly popular packages.

    Cybersecurity

    With Axios attracting nearly 100 million weekly downloads and being used heavily across the JavaScript ecosystem, the blast radius of such a supply chain attack can be massive as it propagates swiftly through direct and transitive dependencies.

    “A package as widely used as Axios being compromised shows how difficult it is to reason about exposure in a modern JavaScript environment,” Socket’s Ahmad Nassri said. “It is a property of how dependency resolution in the ecosystem works today.”

    attack Axios Chain engineering Led Maintainer npm Social Supply UNC1069
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous Article‘Mr President, you failed me’ – University of Fort Hare corruption fallout reaches Ramaphosa – The Mail & Guardian
    Next Article The Best Samsung Galaxy S26 Cases (2026): S26, S26+, and S26 Ultra
    admin
    • Website

    Related Posts

    OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials

    July 15, 2026

    How Pentera Turns AI Security Workflows into Validation Engines

    July 15, 2026

    Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

    July 15, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    The great AI layoff is turning into the great AI rehire

    Trump Says His Thursday Speech Will Focus on Election Security and Voting Machines

    How the failed 2016 coup reshaped Turkiye’s civil-military relations | Turkey Attempted Coup News

    Wayfair Coupons: Up to 80% Off July 2026

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by