Microsoft links Mastra AI supply chain attack to North Korean hackers
ID: 81a26588-8017-5e78-9b3e-cd5f29e6abf5
STIX ID: report--81a26588-8017-5e78-9b3e-cd5f29e6abf5
Feed Name: Bleeping Computer
Microsoft attributes a Mastra npm supply-chain attack to the North Korean state-sponsored actor Sapphire Sleet (BlueNoroff). The attack injected a typosquatted dependency, 'easy-day-js', into more than 140 @mastra packages. The dependency's malicious postinstall hook deployed an obfuscated dropper and a cross-platform information stealer targeting credentials and 166 cryptocurrency wallet browser extensions. The malware used OS-specific persistence, disabled TLS checks, and communicated with C2 servers, and the follow-on activity was consistent with prior Sapphire Sleet campaigns.
