In a nutshell: More than 140 npm packages in Mastra AI were compromised by North Korean hacker group Sapphire Sleet, exploiting supply chains as an attack surface.
Microsoft has attributed a supply chain attack on Mastra AI libraries, in which more than 140 npm packages were compromised, to the state-sponsored North Korean hacker group Sapphire Sleet (also known as BlueNoroff). This reveals a targeted approach against open-source infrastructure.
Microsoft has linked the recent attack on Mastra AI to the state-sponsored North Korean hacker group Sapphire Sleet. The attackers infiltrated the npm registry and published manipulated packages, compromising more than 140 dependencies of the Mastra AI library and using the dependency chain itself as the delivery path. The attack is designed to penetrate systems used by development teams and potentially those of their end customers.
For CISOs, this is a critical wake-up call: supply chain compromises via public package managers represent a growing threat, because a single poisoned package can reach a broad and varied user base. Even trusted, regularly updated dependencies can become an entry point if the development process or the repository's publishing controls are compromised.
Organizations should review their dependency management processes, including monitoring of npm package sources, version control, and validation of package integrity. Forensic review of Mastra AI deployments for suspicious activity is recommended. Additionally, incident response plans for supply chain compromises should be updated to enable faster response to such incidents.
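As an added illustration of the package-source monitoring and integrity validation recommended above (example code, not from the article or the Mastra AI project), the script below audits an npm lock file for dependencies resolved from an unexpected registry host, entries with no integrity hash, and, where a tarball is available locally, a hash that no longer matches the lock file. The lock file, trusted-host list and tarball bytes are constructed sample data.

```python
"""Added example: audit a package-lock.json (lockfileVersion 2/3 layout) for
supply-chain red flags. The lock file below is constructed sample data."""
import base64
import hashlib
import json
from urllib.parse import urlparse

# Assumption: only the public npm registry is an expected package source.
TRUSTED_REGISTRY_HOSTS = {"registry.npmjs.org"}


def sri_of(data: bytes, algo: str = "sha512") -> str:
    """Subresource Integrity string for tarball bytes, in the form npm stores."""
    return f"{algo}-" + base64.b64encode(hashlib.new(algo, data).digest()).decode()


# Constructed lock file: one clean entry, one from an odd host, one with no hash.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/good-pkg": {
            "version": "1.0.0",
            "resolved": "https://registry.npmjs.org/good-pkg/-/good-pkg-1.0.0.tgz",
            "integrity": sri_of(b"good tarball bytes")},
        "node_modules/odd-host-pkg": {
            "version": "2.1.0",
            "resolved": "https://mirror.example.invalid/odd-host-pkg-2.1.0.tgz",
            "integrity": "sha512-AAAA"},
        "node_modules/no-hash-pkg": {
            "version": "0.3.1",
            "resolved": "https://registry.npmjs.org/no-hash-pkg/-/no-hash-pkg-0.3.1.tgz"},
    },
})


def audit_lockfile(lock_json: str, tarballs=None) -> list:
    """Return one finding per suspicious package; an empty list means clean.
    tarballs: optional mapping of lock-file path -> tarball bytes to re-hash."""
    findings = []
    for path, meta in json.loads(lock_json).get("packages", {}).items():
        if path == "":  # root project entry, not a dependency
            continue
        host = urlparse(meta.get("resolved", "")).hostname or ""
        if host not in TRUSTED_REGISTRY_HOSTS:
            findings.append(f"{path}: resolved from untrusted host '{host or 'none'}'")
        integrity = meta.get("integrity")
        if not integrity:
            findings.append(f"{path}: no integrity hash in lock file")
        elif tarballs and path in tarballs:
            if sri_of(tarballs[path], integrity.split("-", 1)[0]) != integrity:
                findings.append(f"{path}: tarball hash does not match lock file integrity")
    return findings
```

Run it against a real lock file with `audit_lockfile(open("package-lock.json").read())` and feed the npm cache tarballs as the second argument to enable the hash comparison.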
Source: www.bleepingcomputer.com · Published June 20, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 of the EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.