Microsoft Links Mastra AI Supply Chain Attack to North Korean Hackers

Microsoft links a supply chain attack on Mastra to North Korea's Sapphire Sleet, compromising npm packages to target crypto wallets.

By Content Team

Jun 28, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Microsoft has attributed a supply chain attack on Mastra — an open-source TypeScript framework for building AI applications — to North Korean state actor Sapphire Sleet, also tracked as APT38 and BlueNoroff. The attribution, made June 19 with "high confidence," came after attackers compromised a npm maintainer account and poisoned over 140 packages with malicious code.

The malware targeted cryptocurrency wallets from 166 browser extensions, including MetaMask and Coinbase Wallet, while also stealing browser history and system data. It ran on Windows, macOS, and Linux. Developers should check for easy-day-js dependencies and note that Mastra versions 1.13.0 and earlier are unaffected.

Source: Infosecurity Magazine

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Companies House Security Breach Exposes UK Business Data

Mar 31, 2026

Russian Hackers Exploit Microsoft Office Zero-Day in Eastern Europe Attacks

Feb 3, 2026

Instructure Breach Exposes Schools' Vendor Dependence

May 7, 2026

Critical Google Looker Flaws Let Attackers Access Multiple Companies' Data

Feb 6, 2026