[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpKFICzELY9LPsIXMQy_09oqgOIOzkBhX2q6TOFwUojI":3},{"lesson":4},{"id":5,"slug":6,"article_id":7,"title":8,"body":9,"prevention":10,"framework_refs":11,"status":17,"created_at":18,"published_at":19,"article":20,"tags":23},"ec8d264c-3cdd-40da-bc35-36cd0e64a986","north-korean-actors-compromise-npm-supply-chain-through-social-engineering","1dc3cfe4-9207-44c6-9915-407d663123fa","North Korean Actors Compromise npm Supply Chain Through Social Engineering","UNC1069 successfully compromised the popular Axios npm package through sophisticated social engineering targeting maintainer Jason Saayman, using fake company identities and communication platforms to deliver malware and steal credentials. The attackers then published malicious versions of Axios containing the WAVESHAPER.V2 implant, potentially affecting millions of downstream applications. This incident highlights the critical vulnerability of open-source supply chains when maintainers lack adequate security awareness and authentication protections. \nThe attack's scale demonstrates how compromising a single trusted maintainer can impact nearly 100 million weekly package downloads.","**Immediate actions:**\n- Verify and update all Axios dependencies to clean versions, avoiding 1.14.1 and 0.30.4\n- Implement multi-factor authentication for all package repository accounts and critical development tools\n- Enable package integrity verification and dependency scanning in CI\u002FCD pipelines\n\n**Long-term improvements:**\n- Establish mandatory security awareness training for open-source maintainers focusing on social engineering tactics\n- Implement code signing and multi-party approval processes for package releases\n- Create incident response procedures specifically for supply chain compromises\n\n**Detection measures:**\n- Monitor package dependencies for unexpected version changes or suspicious update patterns\n- Deploy runtime application security monitoring to detect malicious package behavior\n- Establish automated alerts for new versions of critical dependencies before deployment",[12,13,14,15,16],"NIST SP 800-161 Supply Chain Risk Management","CIS Control 2 (Inventory Management)","CIS Control 14 (Security Awareness)","SLSA Framework Level 3","SSDF (Secure Software Development Framework)","published","2026-04-03T14:08:50.316162+00:00","2026-04-03T14:08:50.226+00:00",{"id":7,"url":21,"title":22},"https:\u002F\u002Fthehackernews.com\u002F2026\u002F04\u002Func1069-social-engineering-of-axios.html","UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack",[24,30],{"id":25,"name":26,"slug":27,"description":28,"color":29},"7261eb8f-acd4-4d93-a489-7fdd652ec0ea","Security Awareness","security-awareness","Phishing, social engineering, human error","#22c55e",{"id":31,"name":32,"slug":33,"description":34,"color":35},"f0c2a0af-58aa-4128-87c9-6acd30f2dc48","Supply Chain","supply-chain","Third-party risk, compromised dependencies","#8b5cf6"]