Axios just got f**ked
Hey, how would you like to join a Teams call and then, by joining the Teams call, get hacked by North Korea? Well, that's what happened with Axios. It
would be kind of strange if you haven't
heard about the Axios hack because even
the legend himself, the modern-day poet,
the real minstrel among us all, Fireship
did release a video and I think he
summed up the Axios hack best with the
following.
>> That improved developer experience just
turned into non-consensual backdoor
penetration by a magnumsized Trojan.
That man does not mince words. Before I
tell you exactly how Axios was hacked,
let's just go over a quick couple
details for those that aren't in the
know. On March 31st, Axios was hacked. Effectively, what happened is that Jason ended up getting compromised, and then, through that compromise, Axios published two new versions, 1.14.1 and 0.30.4, which pulled in a new library called plain-crypto-js, which just wraps crypto but instead steals all your credentials and, you know, just completely takes advantage of your computer. The malicious versions were live for about 3 hours, and you should go through and make sure you don't actually have these, just in case. If I were you, I'd probably just roll all my credentials everywhere and reset everything if you happen to have been hit by this. Also, kind of strange, just throwing this out there as I was reviewing the summary: right here, Victor just didn't like Jason telling everybody about what happened and how to fix things. Oh, Victor, that's kind of strange, don't you think, V? V, V, V, V... Victor, why do you dislike him for that? Well, yesterday Jason actually
gave an update on the situation and gave
us the real details of what exactly
happened to him. First, they reached out
masquerading as a founder of a company.
They had cloned the company's founder's likeness as well as the company itself.
Second, they invited me to a real Slack
workspace. This workspace was branded to
the company's CI and named in a
plausible manner. The Slack was well
thought out. They had channels where
they were sharing LinkedIn posts. Yes. I
love that. It's like, yo, how do you
know it's a real company? Oh, there's a
channel dedicated to sharing LinkedIn
posts. [laughter]
I guess, honestly, I don't think I've been a part of a real company then, because that sounds horrible. If I went into somebody's Slack and they're like, "Oh, yeah, that's where we discuss the happenings of that very well-known and very well-respected network, LinkedIn," I'm like, "Brother, I don't think I belong here. This isn't for me, whatever's happening here."
They even had what I presumed were fake
profiles of the team of the company, but
also a number of OSS maintainers. So,
they just kind of set up this very
elaborate environment for this one
individual person to be had. They
scheduled a meeting with me to connect.
The meeting was on Microsoft Teams. That should be a red flag. Okay, I don't know what's going on, but meeting on Microsoft Teams, like, I wouldn't even write on the internet that I joined a Microsoft Teams call. Okay, I would keep that to myself. I would hide that little piece of knowledge. The
meeting had what seemed to be a group of
people that were involved. The meeting
said something on my system was out of
date. I installed the missing item as I
presumed it was something to do with
Teams, and it was the RAT. For those that don't know what a RAT is, RAT stands for remote access Trojan, or sometimes remote administration tool. It
is a type of malicious software that
allows hackers to gain unauthorized
hidden remote control over a target
computer or device. In other words, they
can see everything you do. They have
access to every single file you create
and they're able to put anything they
want or make your computer do any
action. To be completely fair here, and shameful as it sounds, if I ended up joining a Microsoft Teams call and then it was like, "Hey, something's out of date. You need to install a new driver," the chance of me being had could go up. It could definitely go up. The thing that
makes this so difficult is that if you
actually go and look at some of the
screenshots, it looks just like
Microsoft Teams or it looks just like
Zoom. And if you look at the web
browser, if you're not even careful
enough, that looks just like a Zoom
link. If you're not familiar with a Zoom link, they typically look something like this: there's some sort of region, then zoom.us, and then an ID right afterwards. Whereas this one right here has that same kind of region, except there's just no dot right here. So if you're just not even looking, it's a very simple mistake to not realize you're not even on Zoom. The Teams one seems a little bit more obvious though. Microcell, like, there's definitely something going on right there that doesn't look real. I feel like I would not be had by this one. Again, Victor, you downvoted again. Hey, Victor. Hey, V.
Hey, Victor. Where were you on the
evening of the infamous Teams call? Just a... hey, I'm just asking questions here. Even the person that provided the screenshots right here, Victor also downvoted it. Strange, huh? What is going on, Victor? All of this just goes to show how easy it is to be had. Okay, I assume that Jason probably knows a thing or two about tech, and probably doesn't get had by those simple text messages like, "Oh, your UPS package is late, bro. Hey, why don't you just click this link?" Right? It takes a
little bit more. I think I could have
been easily fooled by having something
that feels so set up, right? You go to a
Slack. There's multiple people there. It
has the company branding. It even has a
LinkedIn section, very unhinged as it
is. It has other OSS maintainers. People are yapping. Oh my gosh. Hey, we have a meeting. Which is also strange, because one of the things apparently they do, instead of just, "Hey, you should join this meeting. Hey, you should join this meeting," is they play hard to get. Apparently they'll schedule the call for like a week out and then they'll reschedule it for another week, being like, "Oh, hey, we can't do it right now. Could you do it next week?" They really just slow-roll you.
They age you like a fine bottle of wine.
It's insane because 2 to 3 weeks you
think that they would be worried about
getting caught that you would kind of
notice something's wrong with the Slack,
but no, they let it go nice and slow
because they really want to build up
that rapport that what you're about to join is completely and absolutely above board. Apparently, with other people, they actually step through and give them other instructions on how to potentially fix their problem, and then at some point say, "Here, try this install script," and then bam, they get had. And this exact style of getting hacked is apparently effectively identical to this right here: "UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering." This
was just released a couple months ago by
Google. Apparently what it is is North
Korean threat actors and they're just
using more and more sophisticated
technology and the power of AI to be
able to dupe people. And they will often use something that looks like this. Like, again, this looks just like the Zoom meeting. They just flip around the credentials, right? So it's like us5 web, us, and then have the zoom on the other side, and just make it so believable, and then the CSS is so well done. Hey, good job, AI. That's the power of AI, being able to clone out a UI. So that's what happened with Axios. So pour one out for Jason. And also Victor. Vic, hey, yo, Victor, I feel like we got to know why you're so upset at everything. Okay, what's going on? What are you hiding? Do you also happen to know of a nice Microsoft Teams link that I should join? Do you have a Slack organization that I could end up joining? I'm on to you, Victor. The name is ThePrimeagen.
Hey, do you want to learn how to code?
Do you want to become a better back-end
engineer? Well, you got to check out
boot.dev. Now, I personally have made a
couple courses from them. I have live
walkthroughs free available on YouTube
of the whole course. Everything on
boot.dev you can go through for free.
But if you want the gamified experience,
the tracking of your learning and all
that, then you got to pay up the money.
But hey, go check them out. It's
awesome. Many content creators you know
and you like make courses there.
boot.dev/prime for 25% off.