A widely used open-source software project, Axios, was briefly compromised in a cyberattack linked to suspected North Korean hackers, exposing thousands of systems to potential data theft.
The breach occurred on March 31 and followed a weeks-long social engineering campaign targeting the project’s maintainer, Jason Saayman, according to details shared in a post-incident review.
The attackers reportedly posed as representatives of a legitimate company, building trust through fake profiles and a fabricated online workspace before inviting the developer to a virtual meeting. During the process, Saayman was tricked into downloading malware disguised as a software update, which granted the hackers remote access to his system.
After gaining control, the attackers published malicious versions of the Axios package, which remained available for about three hours before being removed. Security experts warn that systems that installed the compromised versions during that window may have had sensitive data, including private keys, credentials, and passwords, exposed.
The incident underscores growing concerns over the vulnerability of open-source software ecosystems, where widely used tools can become high-value targets for state-backed hacking groups. North Korean cyber actors, in particular, have been linked to a series of sophisticated attacks aimed at stealing data and cryptocurrency to circumvent international sanctions.
