Microsoft attributes Mastra AI supply chain attack affecting 140+ npm packages to North Korean hackers
By
BleepingComputer
Summary
Microsoft has attributed the Mastra AI supply chain attack, which compromised over 140 npm packages, to Sapphire Sleet (BlueNoroff), a North Korean state-sponsored hacking group. The attackers compromised the ehindero maintainer account to publish malicious package updates that delivered the easy-day-js dependency and a cross-platform information stealer targeting credentials, API keys, and cryptocurrency wallets.
Source
bskyMicrosoft attributes Mastra AI supply chain attack affecting 140+ npm packages to North Korean hackershendryadrian.comKey quotes
· 3 pulledMicrosoft says the Mastra AI supply chain attack that hit more than 140 npm packages was carried out by Sapphire Sleet, also known as BlueNoroff, a North Korean state actor.
The compromised packages delivered the easy-day-js dependency and a cross-platform stealer aimed at credentials, API keys, and cryptocurrency wallets.
Attackers compromised the ehindero maintainer account to publish malicious package updates.
You might also wanna read
The Mastra supply chain attack wasn't about AI
Mastra supply chain attack: The importance of scope access and account hygiene
317 npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack
A major npm supply chain attack occurred on May 19, 2026, when the npm account of maintainer "atool" was compromised. The attacker published
Major NPM Supply Chain Attack: @ctrl/tinycolor and 40+ Packages Compromised with Self-Propagating Malware
A sophisticated supply chain attack has compromised the popular @ctrl/tinycolor NPM package (with over 2 million weekly downloads) along wit
Major NPM Supply Chain Attack: Over 1,000 Packages Infected via Fake Bun Runtime
A major cybersecurity incident occurred where over 1,000 NPM packages and 27,000+ GitHub repositories were infected within hours via a fake
Shai-Hulud: Largest npm Supply-Chain Compromise Affecting CrowdStrike and Hundreds of Packages
The Shai-Hulud malware campaign represents the largest and most dangerous npm supply-chain compromise in history, affecting hundreds of pack

Comments
Sign in to join the conversation.
No comments yet. Be the first.