Social Engineering Attacks on Open Source Developers Are Escalating

"You have to feel bad for anyone duped by such an elaborate ploy": How a fake Microsoft Teams update helped North Korean hackers compromise countless Windows PCs

When you buy through links on our articles, Future and its syndication partners may earn a commission. It's been about a week since suspected hackers out of North Korea temporarily compromised axios, one of the world's most popular JavaScript HTTP client libraries. Now, more details are emerging…

Social engineering attacks on open source developers are escalating - National Cyber Security Consulting

North Korean hackers spent weeks socially engineering an Axios maintainer through a fake Slack workspace, a cloned company identity, and a fabricated Microsoft Teams call that tricked him into installing a RAT posings as a software update. They used the access they gained to inject malware into npm packages downloaded 100+ million times a week. […] Thank you for subscribing to our RSS feed! The post Social engineering attacks on open source deve…

Social engineering attacks on open source developers are escalating

North Korean hackers spent weeks socially engineering an Axios maintainer through a fake Slack workspace, a cloned company identity, and a fabricated Microsoft Teams call that tricked him into installing a RAT posings as a software update. They used the access they gained to inject malware into npm packages downloaded 100+ million times a week. Now, a fresh Open Source Security Foundation (OpenSSF) advisory warns unknown attackers are using a si…