Why open source maintainers have become strategic targets
Maintaining a widely adopted open source project gives you considerable power: the ability to push code to millions of production systems. That power is precisely what attracts increasingly sophisticated malicious actors, including nation-state affiliated groups.
The attack against Axios in March 2026, attributed to the North Korean group UNC1069, illustrates a reality the open source community must now internalize: the maintainer of a popular package is a high-value strategic target, on par with a system administrator in critical infrastructure.
This guide details the tactics being used and the concrete defensive measures any maintainer can put in place.
Social engineering tactics targeting maintainers
1. Long-term trust building
The Axios attack was not spontaneous. Investigators established that UNC1069 had approached the lead maintainer months before the compromise, progressively building a relationship of trust. This technique, sometimes called a “long con” in security parlance, involves:
- Benign initial contributions (minor bug fixes, documentation improvements)
- Regular interactions via GitHub, Discord, or email
- Building a credible identity with a convincing GitHub history
- Impersonating a legitimate company (the Axios case involved a fake tech company)
This level of preparation distinguishes state-sponsored actors from opportunistic cybercriminals. A group like UNC1069 can invest several months in a single operation if the target warrants it.
2. Social engineering through professional channels
LinkedIn has become a preferred operational environment. Attackers create profiles posing as recruiters or senior developers at real or fictional companies, contact the maintainer with a value proposition (collaboration, employment, partnership), then move the conversation to less monitored channels (Discord, Telegram, personal email).
Email remains an effective vector because it allows highly personalized content. UNC1069 teams are known for using domains spoofing legitimate tech companies, with valid SSL certificates to lend credibility to communications.
3. Requests for maintenance rights transfer
A classic vector involves requesting co-maintainer rights under a legitimate pretext: “I’d like to actively contribute to maintenance, your workload seemed heavy.” Once rights are granted, the attacker has direct access to publish malicious versions.
The event-stream incident in 2018 is the paradigmatic example: an unknown user asked to take over maintenance of a popular npm package, obtained the rights, then injected malicious code targeting cryptocurrency wallets.
4. Exploiting maintainer fatigue
Maintainers of popular open source projects often face an exhausting workload: hundreds of issues, pending pull requests, community pressure for rapid releases. This fatigue creates an exploitation window: a patient attacker can identify moments when vigilance drops to push a malicious contribution through the normal pull request flow.
Case study: XZ Utils (2024) and patience as a weapon
The XZ Utils case remains the most documented example of this approach. The malicious actor “Jia Tan” contributed to the project for two and a half years before inserting a backdoor in version 5.6.0. He had gradually earned commit rights, managed releases, and built an impeccable reputation in the community before striking.
The backdoor specifically targeted Linux systems using systemd with exposed SSH, suggesting a precise target: Linux server infrastructure in production at companies and government agencies.
Defense guide for maintainers
Hardware keys for npm and PyPI publishing
The most effective defense against account compromise is using a hardware security key (YubiKey, Google Titan, certified FIDO2 key) for publishing operations.
For npm, enable two-factor authentication at the most restrictive level:
npm profile enable-2fa auth-and-writesThis requires 2FA validation for every publication, even if account credentials are compromised.
For PyPI, mandatory FIDO2/WebAuthn 2FA can be enabled from the account settings interface. Critical projects can also use PyPI’s “Trusted Publishers” program which ties publishing to specific GitHub Actions workflows, eliminating the use of long-lived tokens.
Separate publishing credentials
Never use the same credentials for your GitHub account and your npm/PyPI account. Use minimum-scope publishing tokens, renewed regularly. Store these tokens in a dedicated password manager rather than in unencrypted environment variables.
A manager like NordPass allows storing these secrets securely, with biometrically protected access and clear separation between personal and professional use. Discover NordPass
Mandatory code review before publishing
Implement a systematic review policy for changes before publication:
- No direct publishing from a development branch without review by a second maintainer
- Use npm provenance attestations (available since npm 9) which cryptographically link each published version to a specific CI/CD workflow, making unattested manual publications detectable
- Enable GitHub protected tags to prevent creation of release tags without branch protection rule validation
Vigilance on access requests
Adopt a systematic verification policy before granting any rights:
- Verify the requester’s actual contribution history (account age, quality of past contributions)
- Never grant publishing rights to someone who contacted you proactively
- Require a minimum observation period of three to six months of contributions before any discussion of co-maintainer rights
The role of platforms
npm and PyPI have a crucial role to play. Measures already in place (mandatory 2FA for the most downloaded packages) are steps in the right direction, but significant improvements remain necessary: enhanced maintainer identity verification, automatic alerts on publishing behavior changes (unusual time, new machine, new country), and configurable propagation delays for new versions of critical packages.
Recommended reading
These are affiliate links. If you make a purchase through these links, we may receive a commission at no additional cost to you.
- Cybersecurity Essentials: covers supply chain attacks, social engineering tactics, and practical defenses for developers and security teams.
- NordPass: secure your npm and PyPI publishing tokens with an enterprise-grade password manager.
Sources
- UNC1069 Social Engineering of Axios - The Hacker News
- What We Learned: Axios npm Supply Chain Compromise Emergency Briefing - SANS Institute
Advertisement