Go modules are particularly susceptible to repojacking due to their decentralized nature, and popular repository namespace retirement countermeasures are not effective in preventing all instances of this attack.
Source: cyware.com