
North Korean Hackers Target Open-Source Maintainer Through Elaborate Social Engineering Campaign
North Korean hackers conducted a prolonged social engineering campaign targeting a maintainer of the open-source Axios project, using a fake Slack workspace, a cloned company identity, and a fabricated Microsoft Teams call to deceive the victim into installing a remote access trojan (RAT) disguised as a software update. The attackers used this access to inject malware into npm packages, which were downloaded over 100 million times per week. The Open Source Security Foundation (OpenSSF) issued an advisory warning that unknown threat actors are employing similar tactics to target additional open-source developers. The attack vector involved impersonation and malicious updates rather than disclosed vulnerabilities. No specific dates or CVE IDs were mentioned in the report.