
North Korea-linked group tied to Mastra AI npm supply-chain attack
Microsoft attributes the Mastra AI npm supply-chain attack to North Korea's Sapphire Sleet/BlueNoroff after attackers hijacked an npm maintainer to publish 140+ malicious Mastra packages; the malicious typosquat dependency easy-day-js drops a cross-platform info stealer that exfiltrates credentials and crypto-wallet data across Windows, Linux, and macOS, disables TLS verification, contacts attacker C2, and uses OS-specific persistence and a PowerShell backdoor.













