Microsoft says the Mastra AI supply chain attack that hit more than 140 npm packages was carried out by Sapphire Sleet, also known as BlueNoroff, a North Korean state actor. The compromised packages delivered the easy-day-js dependency and a cross-platform stealer aimed at credentials, API keys, and cryptocurrency wallets. #SapphireSleet #BlueNoroff #Mastra #easy-day-js #dayjs #Axios
Key points
- Microsoft attributed the npm attack to Sapphire Sleet with high confidence.
- Attackers compromised the ehindero maintainer account to publish malicious package updates.
- More than 140 @mastra packages were poisoned with the easy-day-js dependency.
- The malware stole credentials, API keys, authentication tokens, and crypto wallets.
- Microsoft linked the activity to prior Sapphire Sleet tactics, tooling, and infrastructure.
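A defender can check whether a project's lockfile resolves the easy-day-js dependency named above, and which packages pull it in. The following is an added example, not code from Microsoft or the Mastra project; the function names, the sample package name and all versions are constructed, and only the strings "easy-day-js" and "@mastra/" come from this summary.

```javascript
const SUSPECT = "easy-day-js"; // dependency name reported in the article
const SCOPE = "@mastra/";      // npm scope of the affected packages

// "node_modules/a/node_modules/@s/b" -> "@s/b"
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? path : path.slice(i + marker.length);
}

// Returns one finding per package that is, or declares a dependency on, SUSPECT.
// Takes a parsed package-lock.json (lockfileVersion 1, 2 or 3).
function scanLock(lock) {
  const findings = [];
  const check = (name, version, declared) => {
    if (name === SUSPECT) {
      findings.push({ name, version, reason: "installed" });
    } else if (declared && typeof declared === "object" && SUSPECT in declared) {
      findings.push({ name, version, reason: "declares",
                      range: declared[SUSPECT], inScope: name.startsWith(SCOPE) });
    }
  };
  if (lock.packages) {
    // v2/v3: flat map keyed by install path ("" is the project root)
    for (const [path, e] of Object.entries(lock.packages)) {
      const declared = { ...e.dependencies, ...e.devDependencies, ...e.optionalDependencies };
      check(e.name || nameFromPath(path) || "(root)", e.version, declared);
    }
  } else {
    // v1: nested tree, declared dependencies live under "requires"
    const walk = (deps) => {
      for (const [name, e] of Object.entries(deps || {})) {
        check(name, e.version, e.requires);
        walk(e.dependencies);
      }
    };
    walk(lock.dependencies);
  }
  return findings;
}

// Constructed sample lockfile: package name and versions are placeholders.
const sampleLock = { name: "demo-app", lockfileVersion: 3, packages: {
  "": { name: "demo-app", dependencies: { "@mastra/example-pkg": "^0.0.0" } },
  "node_modules/@mastra/example-pkg": { version: "0.0.0-example",
                                        dependencies: { "easy-day-js": "^0.0.0" } },
  "node_modules/easy-day-js": { version: "0.0.0-example" },
  "node_modules/dayjs": { version: "0.0.0-example" }, // exact-name match: not flagged
} };
console.log(scanLock(sampleLock));
```

To scan a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `scanLock`. This summary lists no affected versions, so a finding identifies where to investigate rather than confirming compromise.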