What the Axios npm Supply Chain Attack Reveals About the New Human Layer Attack Surface

Last week, a suspected North Korean-linked hacking group carried out a sophisticated cyberattack against the widely used JavaScript library Axios. And the entry point wasn’t a software vulnerability — it was a Microsoft Teams call. 

Attackers orchestrated a complex social engineering campaign, reportedly involving deepfake-enabled impersonation, targeting Axios’ lead maintainer, Jason Saayman, to gain access. 

In a postmortem published on GitHub, Saayman detailed how his PC was compromised, allowing attackers to silently push a Remote Access Trojan (RAT) to macOS, Windows, and Linux systems.

“The blast radius of yesterday's Axios npm supply chain attack is broad and extends to other popular packages that have dependencies on it. Enterprises should assess the impact today,” Mandiant CTO Charles Carmakal said in a detailed LinkedIn post, adding that the firm is aware of “hundreds of thousands of stolen credentials.”

Axios is one of the most widely used JavaScript libraries, with more than 100 million downloads each week through the npm package manager, which developers rely on to quickly integrate open-source components into their software. The scale makes the incident a supply chain attack with potentially far-reaching consequences, as compromised updates can cascade across thousands of downstream applications and systems.
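An added example (not from the article, Mandiant, or the Axios project) of how a team might assess that cascade in its own projects: it walks the `packages` map of a `package-lock.json` to find every installed copy of axios, including copies nested under other dependencies, and lists which packages declare a dependency on it. The version strings are placeholders because the article does not name the malicious releases, and every package name other than axios is hypothetical.

```javascript
// PLACEHOLDER versions: the article does not list the malicious releases.
// Substitute the versions named in the maintainer's postmortem.
const COMPROMISED = new Set(['0.0.0-PLACEHOLDER-A', '0.0.0-PLACEHOLDER-B']);

// Constructed package-lock.json content (lockfileVersion 3). Every package
// name except axios is hypothetical.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { axios: '^1.0.0', 'example-http-client': '^2.0.0' } },
    'node_modules/axios': { version: '1.0.0' },
    'node_modules/example-http-client': { version: '2.1.0', dependencies: { axios: '0.0.0-PLACEHOLDER-A' } },
    'node_modules/example-http-client/node_modules/axios': { version: '0.0.0-PLACEHOLDER-A' },
    'node_modules/example-axios': { version: '3.0.0' },
  },
};

const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// True when a lockfile entry lists pkgName in any of its dependency maps.
function declares(meta, pkgName) {
  return DEP_FIELDS.some((f) => meta[f] && Object.prototype.hasOwnProperty.call(meta[f], pkgName));
}

// Returns every installed copy of pkgName, the entries that depend on it,
// and the subset of copies whose version is in badVersions.
function auditLock(lock, pkgName, badVersions) {
  if (!lock || typeof lock.packages !== 'object' || lock.packages === null) {
    throw new Error('expected lockfileVersion 2 or 3 with a "packages" map');
  }
  const suffix = 'node_modules/' + pkgName;
  const installs = [];
  const dependents = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (declares(meta, pkgName)) dependents.push(path === '' ? '(root project)' : path);
    // Exact name match on the last path segment, so "example-axios" is skipped.
    if (path !== suffix && !path.endsWith('/' + suffix)) continue;
    installs.push({
      path,
      version: meta.version ?? null,
      compromised: badVersions.has(meta.version),
      // Packages this copy is nested under; empty means hoisted to top level.
      nestedUnder: path.split('node_modules/').slice(1, -1).map((s) => s.replace(/\/$/, '')),
    });
  }
  return { installs, dependents, affected: installs.filter((i) => i.compromised) };
}

console.log(JSON.stringify(auditLock(SAMPLE_LOCK, 'axios', COMPROMISED), null, 2));
```

In the sample, the top-level copy is clean while the copy nested under the hypothetical `example-http-client` is flagged, which is the case a check of the project's own `package.json` alone would miss.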

Beyond the scale, the incident underscores a broader shift already seen in multiple North Korean-linked campaigns this year. The attack surface is moving. 

Increasingly, we are seeing at GetReal Security that the new attack surface is in the human layer: inside live audio and video interactions over videoconferencing and other digital communications where security teams currently lack visibility and identity goes unvalidated.

The Multimodal Social Engineering Campaign

The North Korean threat group UNC1069, to which Google has attributed the Axios npm compromise, reportedly spent around two weeks social engineering Saayman before deploying any malicious code. The campaign began with an attacker impersonating the founder of a company, spoofing the founder’s likeness, and sending an invitation to what Saayman described as a “super convincing” Slack workspace designed to mimic the company’s branding. The workspace also included profiles of the company’s “team,” other open-source software maintainers, and active channels where LinkedIn posts were shared, all giving it much more credibility.

The interaction then moved to Microsoft Teams. Saayman joined a scheduled Teams meeting whose attendees appeared to be people involved with the company. At that point Saayman was led to believe he was having audio issues and that his system was out of date. He was directed to install an update and did so.

This aligns with similar attacks documented earlier this year that made use of what’s commonly referred to as ClickFix. ClickFix, mapped by MITRE ATT&CK to the technique User Execution: Malicious Copy and Paste, involves the adversary prompting a victim to fix a fabricated technical issue by copying and pasting what ends up being malicious code that executes a command on their machine.

In Saayman’s case, the update was remote access Trojan malware, which resulted in the compromise of his system and the hijacking of his npm account. This allowed for the publishing, and uptake, of the malicious versions of Axios.

“Everything was extremely well co-ordinated, looked legit and was done in a professional manner,” emphasized Saayman in his postmortem.

The attack surface has shifted from email to a multimodal one including LinkedIn, Slack, WhatsApp, Microsoft Teams, Zoom, and live and recorded audio and video — where security teams, traditional controls, and authentication have no reach.

Axios Was Not the Only Target

This was not an isolated incident. Attackers using the same methods also reportedly targeted maintainers of other popular software packages on npm recently, including Fastify, Buffer, Lodash, Dotenv, Express, and Mocha.

Mandiant reported that the playbook is similar to that of earlier attacks, also attributed to North Korean operatives, targeting the cryptocurrency industry, software firms and their developers, and venture capital firms and their employees. Those attacks combined the impersonation of an executive (and in one case the compromise of an executive’s Telegram account), spoofed Zoom meetings, a ClickFix attack, and alleged use of AI deepfake video.

The targeting of both private firms and the maintainers of open-source software they depend on shows a sophisticated, scaled operation.

Defending the Human Layer

The human layer remains largely undefended. Traditional cybersecurity solutions are not designed to determine the authenticity of what people see and hear in phone calls, video meetings, or digital profiles. 

As generative AI continues to improve the realism of cloned voices and likenesses in audio and video communications, distinguishing real from fake is becoming increasingly difficult. And for now these tactics are working. As long as they do, it’s likely that attackers will expand their targets beyond the software supply chain into everyday business interactions. 

The risk now extends into every digital interaction where a human is asked to trust identities they can’t verify across voice calls, messaging apps, collaboration tools, and videoconferencing platforms.

Defending against these attacks at the human layer requires visibility into the collaboration and videoconferencing channels where these interactions occur, threat intelligence that can identify imposter indicators of compromise across communication platforms, and real-time, multimodal deepfake detection so employees aren’t expected to make the determination on their own.

It also requires continuous multimodal identity verification over time and across channels, as well as automated response capabilities to stop an attack before it escalates. GetReal Security built the GetReal Trust and Authenticity Platform (GTAP) with exactly these capabilities to defend against today’s AI-powered identity threats in the human layer.

While organizations have made progress securing the software supply chain, incidents like this highlight the next critical frontier: securing the human layer.
