ATLAS · LIVE
ATLAS INDEX
Δ 24H
ACTIVE SOURCES20
HOTSPOTS20
TIME20:41:58 UTC
← All briefs
HIGHCyber IntelligenceSunday, June 21, 2026

North Korea compromised 140 npm packages in Mastra AI attack

Microsoft attributes supply chain breach to Sapphire Sleet, marking escalation in state-sponsored targeting of developer infrastructure.

Microsoft has linked a supply chain attack that compromised more than 140 npm packages to Sapphire Sleet, a North Korean state-sponsored hacking group also tracked as BlueNoroff. The breach targeted Mastra AI, an open-source framework for building AI applications.

The attack represents a significant escalation in North Korean cyber operations against software supply chains. By poisoning packages in the npm ecosystem—the world's largest software registry—the attackers positioned themselves to reach thousands of downstream developers and their enterprise customers. The compromised packages were distributed through the npm repository, which serves the JavaScript and Node.js development community.

Sapphire Sleet has previously focused on cryptocurrency theft and financial fraud to fund North Korean state operations. This pivot to supply chain compromise suggests the group is expanding its operational scope beyond immediate financial gain to longer-term access and intelligence collection. Microsoft's attribution carries weight given the company's visibility into global threat activity through its security products and telemetry.

The rest of this brief is inside the platform

Continue reading. Free.

A free Atlas account unlocks the full briefing, the co-analyst, daily delivery to your inbox, and a sector-personalised feed.

Full brief
Implications, sources, methodology
Co-Analyst
Ask follow-ups on every brief
Sector feed
Briefs filtered to what matters to you
Implications
  • 01Development teams using npm packages must audit dependencies for compromise indicators
  • 02Open-source maintainers face heightened scrutiny over repository security practices
  • 03North Korean cyber operations now target developer infrastructure for persistent access
  • 04Enterprise security teams must expand threat models to include supply chain vectors
Source
BleepingComputer
https://www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/
Brief is editorial commentary by Atlas Intelligence based on the cited public reporting. Atlas does not reproduce source text. Verify primary source before action.
#supply chain attack#north korea#npm#sapphire sleet#open source security#mastra ai
Related Briefs