The Axios supply chain attack used individually targeted social engineering
3rd April 2026
The Axios team have published a full postmortem on the supply chain attack which resulted in a malware dependency going out in a release the other day, and it involved a sophisticated social engineering campaign targeting one of their maintainers directly. Here’s Jason Saayman’s description of how that worked:
So the attack vector mimics what Google has documented here: https://cloud.google.com/blog/topics/threat-intelligence/unc1069-targets-cryptocurrency-ai-social-engineering
They tailored this process specifically to me by doing the following:
They reached out masquerading as the founder of a company; they had cloned the company founder's likeness as well as the company itself.
They then invited me to a real Slack workspace. This workspace was branded to the company's CI and named in a plausible manner. The Slack was thought out very well; they had channels where they were sharing LinkedIn posts (the LinkedIn posts I presume just went to the real company's account), but it was super convincing, etc. They even had what I presume were fake profiles of the team of the company, but also a number of other OSS maintainers.
They scheduled a meeting with me to connect. The meeting was on MS Teams. The meeting had what seemed to be a group of people that were involved.
The meeting said something on my system was out of date. I installed the missing item as I presumed it was something to do with Teams, and this was the RAT.
Everything was extremely well coordinated, looked legit and was done in a professional manner.
A RAT is a Remote Access Trojan—this was the software that stole the developer’s credentials, which could then be used to publish the malicious package.
That’s a very effective scam. I join a lot of meetings where I find myself needing to install Webex or Microsoft Teams or similar at the last moment and the time constraint means I always click “yes” to things as quickly as possible to make sure I don’t join late.
Every maintainer of open source software used by enough people to be worth taking in this way needs to be familiar with this attack strategy.
Simon Willison Blog
https://simonwillison.net/2026/Apr/3/supply-chain-social-engineering/#atom-everything