A security incident involving the widely used Axios HTTP library has revealed how attackers are increasingly targeting software maintainers themselves, rather than exploiting code vulnerabilities, to carry out large-scale supply chain attacks.
The issue came to light after Axios maintainers disclosed that an attacker gained access to a contributor’s npm account and used it to publish two compromised versions of the package, 1.14.1 and 0.30.4. These releases included a hidden dependency named plain-crypto-js, which deployed a remote access trojan across macOS, Windows, and Linux systems.
Although the malicious packages were available for only about three hours before being removed, the short exposure window does not reduce the severity. Any system that installed these versions is now considered unsafe. Users have been advised to immediately rotate all credentials, revoke authentication tokens, and assume full compromise of affected environments.
The Axios team confirmed that they have since secured their infrastructure by resetting credentials, cleaning impacted machines, and introducing additional safeguards to prevent similar incidents.
Further investigation by Google Threat Intelligence Group linked the activity to a North Korea-associated threat actor identified as UNC1069. This group, active since at least 2018, is believed to be financially motivated. Attribution was based on malware similarities, including the use of an updated toolset previously tied to the group, as well as overlaps in command-and-control infrastructure observed in earlier operations.
Social Engineering as the Entry Point
The compromise did not begin with a technical flaw. Instead, it started weeks earlier with a carefully orchestrated social engineering attack targeting Axios maintainer Jason Saayman.
Attackers posed as a legitimate organization by replicating its branding, leadership identities, and communication style. They invited the target into what appeared to be a genuine Slack workspace. This environment was not hastily assembled. It contained multiple channels, staged conversations, and curated activity, including links that redirected to real company LinkedIn profiles. Fake user accounts were also created to impersonate employees and known open-source contributors, increasing credibility.
After establishing trust, the attackers scheduled a video meeting that appeared to involve several participants. During the session, the target was shown what looked like a technical issue, specifically a connection-related error. He was then instructed to install an update presented as necessary to resolve the problem.
In reality, this “update” was malicious software that granted the attackers remote access to the system. Once inside, they were able to extract authentication credentials linked to the npm account.
Repeated Tactics Across Multiple Targets
Other maintainers later reported nearly identical experiences. In several cases, attackers attempted to persuade targets to install what they described as a Microsoft Teams software development kit update. When that approach failed, they escalated their efforts by asking victims to execute command-line instructions, including downloading and running scripts via Curl commands.
One such target, Pelle Wessman, described how attackers abandoned the interaction and deleted all communication after he refused to comply.
These methods align with a broader category of attacks sometimes referred to as “ClickFix” techniques, where victims are misled into resolving fake technical issues that ultimately result in malware execution.
Bypassing Security Controls
Because the attackers gained access to already authenticated sessions, they were able to bypass multi-factor authentication protections. This highlights a critical limitation of MFA, which is effective against credential theft but less effective once an active session is compromised.
Importantly, the attackers did not modify Axios’s source code directly. Instead, they inserted a malicious dependency into legitimate package releases, making the compromise significantly harder to detect during routine checks.
A Coordinated Supply Chain Campaign
Research from Socket indicates that this incident is part of a broader, coordinated campaign targeting maintainers across the Node.js ecosystem. Multiple developers, including contributors to widely used packages and even core components, reported receiving similar outreach messages through platforms such as LinkedIn and Slack.
The attackers followed a consistent pattern: initial contact, trust-building within controlled communication channels, followed by staged video calls where victims were prompted to install software or run commands under the pretense of fixing technical issues.
The scale of targeting is particularly concerning. Many of the developers approached are responsible for packages with billions of weekly downloads, meaning a single compromised account can have far-reaching consequences across the global software ecosystem.
Future Outlook
This incident surfaces a new course in attacker strategy. Rather than focusing solely on software vulnerabilities, threat actors are increasingly exploiting human trust within high-impact projects. Open-source software, which underpins much of today’s digital infrastructure, becomes an attractive target due to its widespread adoption and reliance on maintainers.
Security experts warn that such attacks are likely to increase in frequency. Protecting against them will require not only technical safeguards, but also stronger operational discipline, including stricter access controls, hardware-based authentication, and heightened awareness of social engineering tactics.
The Axios breach ultimately demonstrates that in modern supply chain attacks, the weakest link is often not the code, but the people who maintain it.
