Microsoft says Sapphire Sleet, a North Korean state-sponsored group also known as BlueNoroff, is behind the Mastra supply chain attack that compromised 141 NPM packages and exposed users during a 45-minute publishing window on June 17. The attack used a typosquatted easy-day-js dependency and a malicious postinstall dropper to target Windows, macOS, and Linux systems, with Mastra users urged to remove affected versions and rotate secrets. #SapphireSleet #BlueNoroff #Mastra #easy-day-js #Axios
Keypoints
- Sapphire Sleet was identified as the actor behind the Mastra supply chain attack.
- Hackers published 141 malicious NPM packages during a 45-minute window on June 17.
- The attack used the typosquatted easy-day-js dependency to deliver a second-stage payload.
- Any @mastra package installed during the attack window may be affected.
- Users should remove affected versions, check for malware, and rotate credentials and tokens.
Read More: https://www.securityweek.com/north-korean-hackers-blamed-for-mastra-npm-supply-chain-attack/