Microsoft links Mastra AI supply chain attack to North Korean hackers
Summary
North Korean hackers from the Sapphire Sleet group compromised an npm maintainer account (a person's credentials for publishing packages to npm, a JavaScript library repository) and used it to publish malicious updates to over 140 packages, injecting a fake dependency called "easy-day-js" that stole credentials, API keys, and cryptocurrency wallet information from developers' computers. The malware used a post-install hook (code that runs automatically when a package is installed) to download and execute additional harmful software, with different persistence techniques for Windows, Linux, and macOS systems.
Classification
Affected Vendors
Related Issues
Original source: https://www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/
First tracked: June 20, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%