Axios npm hack used fake Teams error fix to hijack maintainer account
Axios, a popular Node.js HTTP client, suffered a supply‑chain attack when North Korean threat actors (UNC1069) compromised a maintainer’s account via social engineering. They created fake Slack and Microsoft Teams workspaces that prompted the maintainer to install malicious “updates,” giving attackers remote access to npm credentials. Two infected Axios releases (1.14.1 and 0.30.4) were published for three hours, injecting a dependency that deployed a RAT on macOS, Windows, and Linux. The maintainers wiped affected systems, reset credentials, and are tightening controls. Other Node.js package maintainers also reported similar attacks, highlighting a coordinated campaign targeting high‑impact open‑source projects.

Axios’s npm incidents underscore a rising class of supply-chain risks: social engineering that targets trusted project maintainers, leading to the insertion of malicious code into legitimate releases. In this latest wave, investigators traced a carefully orchestrated campaign that culminated in a triple-threat: a targeted impersonation of a legitimate company, a convincingly staged collaboration space, and a fake software update designed to deliver a remote access tool.
Weeks before a release went live with a tainted dependency, the attackers focused on the project’s lead maintainer. They cloned branding and founder likenesses to create a Slack workspace that looked authentic and familiar to the Axios team. In this environment, they staged realistic activity, including profiles that mimicked real employees and other open-source collaborators. The illusion extended to communications, channel structure, and even LinkedIn posts that appeared to originate from the real company’s account, all aimed at lowering scrutiny and raising trust.
The pivotal moment came when the attackers invited the maintainer to a video meeting hosted on a platform that was later revealed to be a spoof of a familiar collaboration service. During the call, an error message claimed something in the system was out of date. Trusting the prompt as a routine maintenance issue, the maintainer agreed to install a supposed Teams update. In reality, the installer delivered a remote access trojan that granted the attackers persistent access to the device and, crucially, access to npm credentials linked to the Axios project.
The immediate consequence was the publication of two malicious Axios versions—1.14.1 and 0.30.4—that added a nefarious dependency named plain-crypto-js. This dependency deployed a cross-platform backdoor, enabling attackers to access macOS, Windows, and Linux environments. The compromised releases remained publicly available for a brief window—roughly three hours—before they were removed. Any systems that installed during that window were deemed compromised, and credential hygiene became a critical concern as attackers gained access to authentication tokens and session data.
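A defender-side check for the indicators above, as an added example that is not code from the article or the Axios project: it walks an npm lockfile (lockfileVersion 2 or 3 `packages` map, not the older v1 `dependencies` tree) and flags the two tainted Axios versions and any installed copy of `plain-crypto-js`, including nested copies pinned by a transitive dependency. The sample lockfile and the `plain-crypto-js` version in it are constructed.

```javascript
// Added example (not from the article or the Axios project): scan an npm
// lockfile (lockfileVersion 2/3 "packages" map) for the two tainted Axios
// releases and the injected dependency named in the article. The sample
// lockfile below is constructed; its plain-crypto-js version is a placeholder.
const TAINTED_AXIOS_VERSIONS = new Set(["1.14.1", "0.30.4"]);
const INJECTED_DEPENDENCY = "plain-crypto-js";

// Package name from a "packages" key, e.g.
// "node_modules/a/node_modules/@scope/b" -> "@scope/b" (nested copies included).
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Walk every installed package and report anything matching the indicators.
// Nested copies matter: a clean top-level axios does not clear a nested one.
function scanLockfile(lock) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    if (lockPath === "") continue; // root project entry, not a dependency
    const name = packageNameFromPath(lockPath);
    const version = entry.version;
    if (name === "axios" && TAINTED_AXIOS_VERSIONS.has(version)) {
      findings.push({ path: lockPath, name, version, reason: "tainted axios release" });
    }
    if (name === INJECTED_DEPENDENCY) {
      findings.push({ path: lockPath, name, version, reason: "injected dependency present" });
    }
  }
  return findings;
}

// Read and scan a real package-lock.json from disk (hypothetical helper).
function scanLockfileAtPath(filePath) {
  return scanLockfile(JSON.parse(require("fs").readFileSync(filePath, "utf8")));
}

// Constructed sample: clean top-level axios plus a nested tainted copy.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.13.0" },
    "node_modules/some-tool/node_modules/axios": { version: "1.14.1" },
    "node_modules/some-tool/node_modules/plain-crypto-js": { version: "0.0.0-placeholder" },
  },
};

for (const f of scanLockfile(SAMPLE_LOCK)) console.log(`${f.reason}: ${f.path}@${f.version}`);
```

Run it as `node scan.js`, or call `scanLockfileAtPath("package-lock.json")` against a real project; a hit on either indicator should be treated as a compromised install, with the credential rotation the article describes.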
Axios’s response centered on containment and reset. Affected systems were wiped clean, credentials rotated, and the team announced that they would implement structural safeguards to prevent a repeat of the incident. In parallel, Google’s Threat Intelligence Group linked the attack to UNC1069, a North Korea–nexus actor described as financially motivated and active since at least 2018. The attribution note highlights notable overlaps with WAVESHAPER.V2 toolsets and infrastructure used by UNC1069 in prior operations, reinforcing the assessment that Axios was not an isolated target but part of a broader, coordinated approach.
The post-mortem notes a broader social engineering pattern: attackers first cultivated rapport through professional networking sites and collaboration spaces, then moved to private or semi-private channels before scheduling meetings that could plausibly require updates or new software. In several cases, even after targets refused or questioned prompts, the attackers persisted, attempting alternative commands or tools to bypass suspicion. Some victims reported that MFA protections were bypassed after attackers gained access to authenticated sessions, underscoring how a single compromised foothold can cascade into broader access.
What investigators saw next was a clear delineation of the attack’s scope. While the Axios maintainers stated that the project’s source code was not altered, the malicious dependency injected into legitimate releases carried the payload. Security researchers, including veterans who work across multiple high-profile projects, confirmed that the tactic targeted multiple maintainers across Node.js ecosystems. The implication is stark: attackers are increasingly pursuing high-impact packages with global reach, multiplying the potential damage of each individual compromise.
The ongoing narrative extends beyond Axios. Analysts and security teams noted that the same playbook appeared in other campaigns tied to UNC1069, with early contact via LinkedIn or Slack and subsequent invitations to spaces designed to look legitimate. The end goal across these instances remained consistent: to bypass authentication, install native-looking software during a call, and harvest credentials that unlock broader access to developer projects and registries.
In summary, this event illustrates a multi-layered social-engineering attack that leveraged trust and professional branding to execute a supply-chain compromise. It also demonstrates how quickly a tainted release can propagate when a single maintainer’s environment is breached. The investigation confirms that the impact was not confined to a single package or project but signals a pattern—one that security teams across open-source ecosystems must recognize as a growing threat. The Axios maintainers’ acknowledgment and their commitment to credential hygiene, system remediation, and process hardening reflect a necessary response to a tactic that blends deception with technical intrusion, a combination that remains especially potent in the open-source landscape.