A North Korean cyberattack hijacked the widely used Axios open-source project on March 31. The hackers spent weeks building trust with the project’s maintainer, Jason Saayman, as part of a long-running campaign. They posed as a real company using fake profiles and a realistic Slack workspace before luring him into a web meeting. There, they tricked him into downloading malware disguised as a required update.
After gaining remote access to Saayman’s computer, the hackers pushed malicious updates to Axios. The compromised packages were available for about three hours and may have infected thousands of systems, potentially stealing private keys and credentials. This social engineering tactic mimics previous North Korean attacks aimed at stealing cryptocurrency.
North Korean hackers are among the most active cyber threats, blamed for stealing billions in cryptocurrency to fund the regime’s weapons programs. The regime employs thousands of hackers who carry out these complex, long-term attacks to steal funds and data.