2 reports · 2 sources · tracked since 1d ago

Microsoft links Mastra AI supply chain attack to North Korean hackers

AI synthesis Microsoft attributes a Mastra AI supply chain attack compromising 140+ npm packages to North Korean group Sapphire Sleet, with malware targeting cryptocurrency extensions.

supply chainmicrosoft

Why this ranks Transparent score: 14

coverage +6 source breadth +4 urgency +0 freshness +4

What changed

Coverage timeline

Every report remains linked to its original publisher.

BleepingComputer Jun 20, 2026, 2:09 PM UTC First observed

Microsoft links Mastra AI supply chain attack to North Korean hackers ↗

Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. [...]
SecurityWeek Jun 22, 2026, 11:10 AM UTC Coverage expanded

North Korean Hackers Blamed for Mastra NPM Supply Chain Attack ↗

A malicious dependency the attackers added to over 140 Mastra packages fetches a payload targeting cryptocurrency extensions. The post North Korean Hackers Blamed for Mastra NPM Supply Chain Attack appeared first on SecurityWeek.

Coverage timeline

Microsoft links Mastra AI supply chain attack to North Korean hackers ↗

North Korean Hackers Blamed for Mastra NPM Supply Chain Attack ↗