Key Findings North Korean threat group UNC1069 is conducting coordinated social engineering campaigns against open source maintainers, particularly those managing Node.js and npm packages Attackers use fake LinkedIn profiles, Slack messages, and spoofed video conferencing platforms to build rapport over weeks before delivering remote access trojans Goal is to compromise maintainer credentials and gain write access to popular packages, allowing injection of malicious code into
