The Axios Compromise: What Happened
Late last month, the NPM package for Axios — an extremely popular JavaScript HTTP client library downloaded more than 100 million times per week — was compromised through a carefully orchestrated social engineering attack. The threat actor behind the campaign, believed to be the North Korean threat group UNC1069, successfully took over the account of lead maintainer Jason Saayman and subsequently published two malicious versions of the package to NPM. Each malicious version introduced a new dependency containing a remote access Trojan (RAT) designed to infect developers who installed the tainted updates.
The software development community responded quickly. The malicious versions were pulled within a few hours. However, given Axios's staggering download volume, the potential exposure window was significant. In a post-mortem published on GitHub, Saayman described the multi-week campaign that led to his account being compromised and noted that the Axios team was still actively investigating the precise mechanics of the breach.
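The detail that each malicious Axios version pulled in a brand-new dependency is a concrete signal a consumer can check for before upgrading. The following is an added example, not code from the article or from the Axios project: it compares the dependency sets of a trusted release manifest and a candidate release manifest and holds any patch-level bump that introduces a dependency never seen before. Both manifests are constructed for illustration; the package name, version strings and the new dependency name are placeholders, not the real malicious identifiers.

```javascript
// Added example (not from the article): flag a package release whose manifest
// introduces a dependency that the previously trusted release did not have.
// A new runtime dependency in a patch release is unusual for a mature library
// and was exactly the shape of the Axios incident, so it is a good "hold and
// look" trigger in a release-review or CI gate.

// Constructed package.json of a release already vetted and in use.
const KNOWN_GOOD = {
  name: "example-http-client",            // placeholder, not a real package
  version: "1.0.0",
  dependencies: { "follow-redirects": "^1.15.0", "form-data": "^4.0.0" },
};

// Constructed package.json of a newly published release under review.
const CANDIDATE = {
  name: "example-http-client",
  version: "1.0.1",
  dependencies: {
    "follow-redirects": "^1.15.0",
    "form-data": "^4.0.0",
    "placeholder-new-dep": "^0.0.1",   // placeholder: absent from every earlier release
  },
};

// Runtime and optional dependencies both get installed by consumers, so both count.
function allDeps(manifest) {
  return Object.assign({}, manifest.dependencies || {}, manifest.optionalDependencies || {});
}

// Set difference between the two dependency maps, plus range changes on shared names.
function diffDependencies(oldManifest, newManifest) {
  const before = allDeps(oldManifest);
  const after = allDeps(newManifest);
  const added = Object.keys(after).filter((n) => !(n in before)).sort();
  const removed = Object.keys(before).filter((n) => !(n in after)).sort();
  const changed = Object.keys(after).filter((n) => n in before && before[n] !== after[n]).sort();
  return { added, removed, changed };
}

// Minimal semver parse: major.minor.patch, ignoring prerelease/build suffixes.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3] };
}

function bumpKind(oldVersion, newVersion) {
  const a = parseVersion(oldVersion);
  const b = parseVersion(newVersion);
  if (b.major !== a.major) return "major";
  if (b.minor !== a.minor) return "minor";
  if (b.patch !== a.patch) return "patch";
  return "none";
}

// Verdicts: "ok" (no new deps), "review" (new deps in a minor/major release),
// "hold" (new deps in a patch release, or in a release with no version change).
function reviewRelease(trusted, candidate) {
  if (trusted.name !== candidate.name) throw new Error("manifests are for different packages");
  const diff = diffDependencies(trusted, candidate);
  const kind = bumpKind(trusted.version, candidate.version);
  const findings = [];
  if (diff.added.length > 0) {
    findings.push(`${kind} bump ${trusted.version} -> ${candidate.version} introduces new dependencies: ${diff.added.join(", ")}`);
  }
  let verdict = "ok";
  if (diff.added.length > 0) {
    verdict = kind === "patch" || kind === "none" ? "hold" : "review";
  }
  return { verdict, kind, diff, findings };
}

// Stand-alone usage: prints the verdict for the constructed manifests above.
if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(reviewRelease(KNOWN_GOOD, CANDIDATE), null, 2));
}
```

In practice the "trusted" manifest would be the one recorded in your lockfile at last review and the "candidate" the manifest fetched from the registry for the version an upgrade would install; a "hold" verdict is the point at which a human looks at what the new dependency is and why a patch release needed it.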
A Patient, Multi-Stage Attack
According to Saayman's account, the social engineering effort began roughly two weeks before the actual package compromise. Threat actors posed as the founder of a company, cloning the founder's identity and fabricating the company itself. They invited Saayman into a real Slack Workspace that featured multiple active channels and was described as "super convincing."
From there, attackers invited Saayman to a meeting on Microsoft Teams. When he joined the call, he was prompted to install what was presented as a missing file needed because his system was supposedly "out of date." That file turned out to be the RAT, which was later distributed through the compromised NPM package. Saayman noted that the RAT granted full "unilateral" control over his computer — and critically, this control persisted despite two-factor authentication (2FA) being enabled on his NPM account.
The Broader Campaign: Not Just Axios
Security researcher Taylor Monahan (@tayvano) posted a detailed technical breakdown of the campaign in the same post-mortem thread. She observed that the attackers invest significant time in cultivating trust before the moment of compromise. There is no urgency, no one-click phishing lure — calls get rescheduled, relationships are built slowly, and the entire process is designed to disarm targets psychologically.
Monahan noted that these specific North Korean actors have, for years, targeted cryptocurrency founders, venture capital executives, and other public-facing individuals using similar social engineering playbooks. Their objectives vary: sometimes the goal is an information or cryptocurrency stealer, sometimes it is long-term persistent access, and sometimes it is the installation of keyloggers. Once inside, she emphasized, mechanisms like 2FA become irrelevant.
Development security vendor Socket published research late last week detailing the full scope of this campaign, noting that many members of the open source software community have been targeted. Among those targeted were several Socket engineers and the company's CEO, Feross Aboukhadijeh, who has created or contributed to dozens of widely used NPM packages. Numerous other developers and tech executives were approached using the same slow-burn social engineering methodology.
The Supply Chain Multiplier Effect
Aboukhadijeh told Dark Reading that a meaningful shift has occurred in how these attacks are being directed. Historically, this style of sophisticated social engineering was reserved for high-value targets — cryptocurrency executives or individuals with direct access to significant funds. But the calculus changes dramatically when the same tactics are aimed at open source maintainers.
"One successful compromise doesn't get you one wallet. It gets you write access to a package downloaded hundreds of millions of times a week, with a blast radius that extends to every organization running that code. That's a fundamentally different threat model, and it scales in a way that traditional social engineering never did."
This threat model is not theoretical. The Axios incident sits alongside other recent campaigns — including Shai-hulud and GlassWorm — that have put the open source development community under increasing pressure. If even a handful of maintainers with access to widely used packages can be compromised, the downstream consequences for organizations globally could be severe.
Why This Is Happening Now
Aboukhadijeh identified several converging factors enabling this shift. First, AI has dramatically reduced the cost of building convincing personas, helping threat actors maintain coherent conversations and bypass language barriers. Second, delivery mechanisms like ClickFix and similar tools have made payload delivery nearly frictionless. Third, attacker tooling overall has matured significantly.
Sarah Kern, principal threat researcher at Sophos, reinforced this view, noting that the Axios attack reflects a style of social engineering the Democratic People's Republic of Korea (DPRK) has been running for years. "While it only takes one high-value victim for a widescale attack like we've seen with the Axios supply chain, these threat actors are plotting these schemes full time with the backing of the North Korean regime," she said.
Tom Hegel, distinguished threat researcher at SentinelOne, pointed to the maturation of attacker operational infrastructure as a core driver. He told Dark Reading that the slow-burn approach to social engineering used to be expensive in terms of sustained human attention, which naturally limited how broadly it could be scaled. That constraint, he argues, is eroding.
"That constraint is loosening, and we should treat this as a permanent shift in the threat landscape rather than a spike."
Implications for the Open Source Ecosystem
The Axios attack serves as a stark reminder that open source maintainers — often volunteers or small teams — now represent high-value targets for nation-state threat actors. These individuals may not have the security resources or threat awareness of large enterprise teams, yet they control software that runs inside virtually every modern organization.
- The RAT distributed through Axios provided full remote control, bypassing 2FA entirely.
- The social engineering campaign ran for at least two weeks before the moment of compromise.
- Axios is downloaded more than 100 million times per week, illustrating the potential blast radius.
- UNC1069 has historically targeted cryptocurrency founders and venture capital executives, and is now pivoting toward open source maintainers.
- Multiple Socket engineers and CEO Feross Aboukhadijeh were also targeted by the same campaign.
As AI lowers the barrier to running persistent, convincing social engineering operations, and as attackers grow more aware of the leverage that open source access provides, the Axios incident may be less of an anomaly and more of an early signal of a widening campaign against the infrastructure that underpins modern software development.
Source: Dark Reading