A sophisticated social engineering campaign linked to DPRK-nexus actor UNC1069 is targeting high-impact Node.js and npm maintainers. Attackers build rapport over weeks before luring victims to spoofed video conferencing sites that deploy infostealing malware designed to hijack session tokens, bypass 2FA, and compromise the open-source software supply chain.