North Korean Sapphire Sleet Hits 140+ Mastra AI Agent Packages in NPM Supply Chain Attack

AI relevance: Mastra is a TypeScript framework for building AI agents, workflows, and RAG pipelines — compromising it directly threatens the integrity of AI agent deployments and CI/CD pipelines that build them.

• On June 17, 2026, North Korean state-sponsored threat actor Sapphire Sleet (aka BlueNoroff, Copernicium) compromised the 'ehindero' NPM maintainer account with publishing rights across the Mastra ecosystem.
• During a 45-minute window, attackers published 141 packages containing a malicious dependency easy-day-js (typosquat of legitimate dayjs).
• Affected packages have ~8 million weekly downloads. Any npm install or npm update during the attack window is considered compromised.
• The malware uses an obfuscated postinstall dropper to fetch a second-stage payload, execute it as a hidden background process, then self-delete.
• The payload targets Windows, macOS, and Linux, masquerading as node-related tools while collecting system information and targeting 160+ cryptocurrency browser extensions.
• This follows the April 2026 Axios NPM supply chain attack attributed to UNC1069 (also North Korean), showing sustained campaign against AI/developer tooling.
• Microsoft's attribution to Sapphire Sleet is based on TTPs consistent with prior financial-motivated operations.

Why it matters

AI agent frameworks are high-value supply chain targets. Mastra integrates with LLM providers, MCP servers, and cloud deployments — compromising it gives attackers leverage over the entire AI development lifecycle. The postinstall execution model means developers and CI/CD pipelines were exposed regardless of whether the malicious code was imported in application logic.

What to do

• Remove all affected Mastra package versions installed during the June 17 attack window.
• Scan developer workstations and CI/CD environments for malware indicators (see IoCs from Aikido, Ox, Socket, Sonatype, StepSecurity).
• Rotate all credentials, tokens, and secrets that may have been exposed.
• Harden cryptocurrency wallet access with hardware security keys.
• Pin dependencies and use lockfiles; consider npm 12's improved script execution controls.

Sources

• SecurityWeek — North Korean Hackers Blamed for Mastra NPM Supply Chain Attack
• Microsoft Security Blog — Postinstall payload inside Mastra NPM supply chain compromise
• Aikido — Over 140 popular Mastra NPM packages hit by supply chain attack
• Socket — Mastra NPM packages compromised