logo

Microsoft Attributes Mastra AI Supply Chain Attack to North Korea

ID: 88a59c43-7334-5a2d-b1a4-d16ae225a4df

STIX ID: report--88a59c43-7334-5a2d-b1a4-d16ae225a4df

Feed Name: Infosecurity Magazine (News)

Threat Score
90/100

Date Published: 2026-06-22

Date Updated: 2026-06-22

...
...

Microsoft attributes a large-scale npm supply-chain attack against the Mastra TypeScript project to North Korean state actor Sapphire Sleet; attackers hijacked a maintainer account to publish poisoned packages (via the malicious dependency easy-day-js) that disabled TLS verification, contacted C2 servers, and delivered cross-platform malware aimed at stealing cryptocurrency wallet data and collecting system reconnaissance. Microsoft recommends scanning dependency trees and node_modules for easy-day-js, pinning known-good package versions, and updating to unaffected Mastra releases.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.