North Korean group targets Node.js maintainers with staged social lures.

A North Korean-linked hacking group used a weeks‑long social engineering campaign to compromise open‑source developers after breaching Axios through a similar tactic. Attackers posed as legitimate contacts, invited maintainers to Slack and Teams meetings, and delivered malware through a fake update prompt. Socket says multiple high‑profile Node.js maintainers were targeted, all responsible for widely used NPM packages. Security researchers warn the operation is deliberate, patient, and far more sophisticated than typical phishing attempts.

Read more:

https://www.securityweek.com/north-korean-hackers-target-high-profile-node-js-maintainers/