
North Korean Hackers Hijack Axios Library Using Sophisticated Social Engineering
Key Takeaways
- Two malicious Axios npm versions published March 31.
- Weeks-long social engineering targeted Axios maintainers to gain access.
- Malware delivered via compromised packages included a cross-platform remote access Trojan.
The Two-Week Hack
North Korean hackers executed a two-week social engineering campaign to hijack the Axios library.
They created a convincing Slack workspace with fake employee profiles.

The target was tricked into downloading malware that granted the attackers remote access to their system.
Attackers pushed two malicious Axios packages live for roughly three hours.
Axios has 45 million weekly downloads, so millions could have been exposed.
Broader Campaign Against Developers
The Axios hack was part of a sustained North Korean campaign targeting multiple Node.js maintainers.
The same tradecraft was used against several other prominent developers.

Google researchers had documented similar techniques by Lazarus Group before.
The operation's professionalism and patience make it particularly dangerous.
Wider Implications
The Axios compromise raised urgent questions about open-source software supply chain security.
The attack exploited the inherent trust developers place in each other's code.
Government actors and criminals are increasingly focusing on mass-market tools.
Well-resourced state actors can exploit social engineering to infiltrate vital software ecosystems.