
Hacker And The Fed: How One Developer Took Down the Supply Chain
Apr 9, 2026
A deep dive into a supply-chain attack that began with a fake Microsoft Teams update and escalated into full developer compromise. The hosts unpack social engineering, open source manipulation, and GitHub/VS Code tactics that auto-run malicious code. The conversation also covers mass router infections, ISP and policy challenges, and urgency around post-quantum crypto risks.
Fake Teams Update Led To Full Developer Compromise
- North Korean actors built a multi-stage social engineering campaign that ended with a fake Microsoft Teams update to install a RAT.
- The attack chain used LinkedIn/Slack impersonations, a fake Slack workspace, a live Teams call, and guided installation to steal tokens and credentials.
Attackers Used Conference Meetings And Funding To Gain Trust
- Hector described a previous North Korean campaign that included meeting maintainers at conferences and funding projects to gain trust.
- They spent months and even invested crypto to trick maintainers into executing malicious code.
VS Code Tasks.json Became An Infection Vector
- Attackers abused VS Code auto-run by placing malicious .vscode/tasks.json files in repos so opening a cloned project executes scripts.
- The payloads were self-propagating bash scripts that stole credentials, cookies, and keys when developers opened projects.
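A defender-side check for the auto-run vector described in this snip, added here as an example and not code from the episode or from VS Code: it scans a cloned repository for .vscode/tasks.json tasks whose runOptions.runOn is folderOpen, the VS Code setting that runs a task when the folder is opened. The function names and the sample tasks.json are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

STRING = r'"(?:\\.|[^"\\])*"'  # a JSON string literal, matched first so its contents are kept

def strip_jsonc(text):
    """tasks.json is JSONC: drop comments, then trailing commas, never touching strings."""
    keep_strings = lambda m: m.group(0) if m.group(0)[0] == '"' else ""
    for junk in (r"//[^\n]*|/\*.*?\*/", r",(?=\s*[}\]])"):
        text = re.sub(STRING + "|" + junk, keep_strings, text, flags=re.S)
    return text

def auto_run_tasks(repo_root):
    """Return (file, label, commands) for each task configured to run when the folder opens."""
    findings = []
    for path in sorted(Path(repo_root).rglob("tasks.json")):
        if path.parent.name != ".vscode":
            continue
        try:
            doc = json.loads(strip_jsonc(path.read_text(encoding="utf-8", errors="replace")))
        except json.JSONDecodeError:
            findings.append((str(path), "<unparseable>", []))  # fail closed: review by hand
            continue
        tasks = doc.get("tasks", []) if isinstance(doc, dict) else []
        for task in (t for t in tasks if isinstance(t, dict)):
            run_options = task.get("runOptions")
            if not (isinstance(run_options, dict) and run_options.get("runOn") == "folderOpen"):
                continue
            # A task may override its command per OS, so report every variant.
            variants = [task] + [task[k] for k in ("windows", "osx", "linux") if isinstance(task.get(k), dict)]
            commands = [str(v["command"]) for v in variants if "command" in v]
            findings.append((str(path), str(task.get("label", "<unlabelled>")), commands))
    return findings

SAMPLE = """{
  // constructed sample for this example, not taken from the campaign in the episode
  "tasks": [
    {"label": "build", "type": "shell", "command": "make"},
    {"label": "prepare", "type": "shell", "command": "bash ./.vscode/setup.sh",
     "runOptions": {"runOn": "folderOpen"},},
  ]
}"""

def demo():
    with tempfile.TemporaryDirectory() as repo:  # throwaway stand-in for a fresh clone
        Path(repo, ".vscode").mkdir()
        Path(repo, ".vscode", "tasks.json").write_text(SAMPLE, encoding="utf-8")
        return [(label, commands) for _, label, commands in auto_run_tasks(repo)]
```

Run auto_run_tasks against a fresh clone before opening the folder in the editor; any finding is a reason to read the referenced script first.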
