The Axios supply chain attack used individually targeted social engineering
9 hours ago
- #social engineering
- #RAT
- #supply chain attack
- The Axios team detailed a supply chain attack involving a malware dependency in a release.
- Attackers used a sophisticated social engineering campaign targeting a specific maintainer with tailored methods.
- They impersonated a company founder, invited the target to a convincing Slack workspace with branded content and fake profiles.
- A meeting on Microsoft Teams was scheduled, where a RAT (Remote Access Trojan) was installed under the guise of a system update.
- The stolen credentials allowed publishing of malicious packages, highlighting the need for maintainers to recognize such attack strategies.