Individual developers who work on important upstream open-source software projects are being explicitly targeted with tailored social engineering campaigns – with the full weight of a nation state behind them. 

The big idea, in simple metaphor: poison the reservoir relied on by millions of houses – and end up with your poison flowing through their taps. 

 From a great distance, North Korea looks incapable of functioning with sophistication across today’s cyber highways and byways. Does this peculiar, totalitarian, autarky (run by a pudgy third-generation dictator) which is almost completely cut off from the rest of the world, really have highly competent hackers who run such competently malicious digital ops?

“Yes”, is the short answer of most cybersecurity experts, and whilst many security researchers get sick of hearing about the nefarious plans of a loose quadrumvirate-of-evil of China, Iran, North Korea, and Russia, (French, or Israeli, or Five Eyes offensive cyber campaigns rarely get caught and publicly dissected by private sector threat intelligence teams), they are a real threat.

Google has attributed one of the most potent recent examples of this activity to a North Korean, “financially motivated” threat group it dubs UNC1069 – saying the group was responsible for an attack on the popular “Axios” open-source project in the npm registry; which is downloaded over 100 million times each week by software developers all around the world. 

As reported by The Stack, during that attack two Axios versions were compromised and pulled into what cloud security firm Wiz estimates was 3% of cloud environments in just the three hours they were available. 

Fake Slack channels and Teams calls

Shortly before the Easter weekend, Axios maintainer Jason Saayman revealed that the attack began with a targeted, personalised social engineering campaign – which Google on March 31 attributed to UNC1069.

In a Q&A on the event post-mortem, published to Axios’s Github repository, he said that “they reached out masquerading as the founder of a company.”

The attackers then invited him to a real Slack workspace, with well laid-out channels where fake staff were sharing LinkedIn posts; “super convincing.” 

They then scheduled a meeting with him on Teams; on joining the call, he got a pop-up that suggested something was out-of-date on his system. 

He installed it and was compromised by a remote access trojan.

‘Everything was extremely well co-ordinated looked legit and was done in a professional manner,” Saayman wrote. The attackers used their access to his systems to poison two Axios release versions with malware that was designed to go and harvest credentials from other systems. 

"Hundreds of thousands of stolen secrets"

Google says it estimates that “hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks. This could enable further software supply chain attacks… SaaS environment compromises (leading to downstream customer compromises), ransomware and extortion events, and cryptocurrency theft over the near term…”

The attacks follow a process well sketched-out by Google Threat Intelligence Group (GTIG) in a February report, which detailed an attack on an unnamed “FinTech entity.” In that incident, GTIG saw a “tailored intrusion resulting in the deployment of seven unique malware families [that started with a] social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, reported usage of AI-generated video to deceive the victim, and malicious popups after a scheduled meeting had audio issues.

This earlier incident started when the attackers sent a “Calendly link to schedule a 30-minute… spoofed Zoom meeting that was hosted on the threat actor's infrastructure, zoom[.]uswe05[.]us,” GTIG said. 

“The first malicious executable file deployed to the system was a packed backdoor tracked by Mandiant as WAVESHAPER [which deployed a] downloader tracked by Mandiant as HYPERCALL as well as subsequent additional tooling to considerably expand the adversary's foothold…”

Again, the attack was highly personalised and resulted in what Mandiant described as an “unusually large amount of tooling dropped onto a single host targeting a single individual. This evidence confirms this incident was a targeted attack to harvest as much data as possible [for] fueling future social engineering campaigns by leveraging victim’s identity and data.”

“Dependency…”

Most people in tech are familiar with the infamous and widely adapted “dependency” comic strip by XKCD, showing “all modern infrastructure” balanced precariously on a thin column, described as “a project some random person in Nebraska has been thanklessly maintaining since 2003…” 

It’s widely shared because it is strikingly true – and the ease with which generative AI can make even North Korean hackers sound convincingly and fluently American on fake Slack channels or Teams calls means that there’s no shortage of threat actors chipping away at that “random person.”

Indeed, speculation abounds that a potentially devastating, thwarted-by-sheer-geeky-curiosity attack on the xz-utils package back in 2024 may also have been the work of North Korean actors. (In that incident, the data compression utility widely used in Linux was backdoored and used to sneak malicious code onto Kali Linux, Fedora 40, Debian testing and openSUSE Tumbleweed, amongst other largely beta/experimental Linux releases in an incident that Kali Linux said posed “a threat to the entire Linux ecosystem.”)

In that incident, a developer going by the name “Jia Tan” joined the project and started making pull requests for various bug fixes or improvements. 

After several years of confidence-building efforts, they gained commit permissions and release manager rights – seemingly after having used fake accounts to send an overwhelming number of requests and bug reports to pressure the original sole maintainer into bringing in more support.

The incidents reiterate how well important open-source project maintainers are being targeted and the extent to which developer laptops/credentials are a profoundly juicy target for attackers of any stripe. They also, arguably, draw closer attention to the fact that the teeming public registries like Maven Central, npm, PyPI et al, from which so many developers pull packages of OSS software, are increasingly high-risk dependencies.

The lesson for developers, most simply: Hone that awareness of risk; it may be unthinkable that the cyber hit-squads of a distant dictatorship are gunning for your laptop, but the evidence suggests that the project you have been "thanklessly maintaining" may be a more valuable target than you realise – and the popup on that Teams call isn't really a fix for the audio.

For cybersecurity and risk leaders alike meanwhile, an understanding of which of your critical systems rely on OSS packages sourced from public registries, and how you would prove you have conducted due diligence over that dependency if challenged, is a growing question; as are the control models you use to mitigate this kind of Pyongyang-meets-Nebraska risk.

See also: Default Teams configurations exploited in ransomware attacks

The link has been copied!