Microsoft Links Sapphire Sleet to Mastra AI Supply Chain Hit

North Korean state-sponsored hackers have been quietly burrowing into AI developer tooling. BleepingComputer reports that Microsoft, on June 19, disclosed that Sapphire Sleet (also known as BlueNoroff), a North Korean state-sponsored hacking group, compromised the npm maintainer account "ehindero" and used it to push malicious updates across more than 140 packages in the @mastra scope, a framework widely used for building AI agents.

The attack vector was straightforward but well-targeted. The compromised account injected a typosquatted dependency called "easy-day-js" (a deliberate misspelling of the popular dayjs JavaScript library) into the affected packages. When developers installed those packages, a postinstall hook fired, running an obfuscated dropper script that disabled TLS certificate verification and phoned home to attacker-controlled infrastructure. The second-stage payload was a cross-platform infostealer running on Windows, Linux, and macOS, with OS-specific persistence mechanisms including Registry Run keys, LaunchAgents, and systemd services. Its targets included 166 cryptocurrency wallet browser extensions, among them MetaMask, Phantom, Coinbase Wallet, Binance Wallet, and TronLink, plus browser histories, running processes, and installed applications.

The reason this warrants more attention than a routine supply chain incident is the targeting pattern. Sapphire Sleet has historically gone after cryptocurrency through browser extension exploits, fake job offers, and deepfake video calls. Pivoting to AI developer toolchains extends that reach dramatically: a single compromised framework package can sit on the laptops of hundreds of engineers who collectively manage far more crypto assets and API credentials than any single target. Microsoft also attributed a separate April 2026 npm supply chain attack on the Axios HTTP client to the same group, which points to a sustained and deliberate focus on the npm ecosystem rather than opportunistic one-off compromise.

What the reporting does not tell you is how many developers actually installed the malicious packages before detection, what the exposure window was, or whether any wallets have been drained as a result. It also does not say how the "ehindero" account was taken over, which matters a great deal for what registry-level controls might have prevented this.

For practitioners using @mastra packages, the immediate step is to audit install logs and rotate any credentials that touched affected machines. More broadly, the two Sapphire Sleet npm incidents this year make a strong case for treating postinstall hooks in your dependency tree as untrusted code by default, and for supply chain monitoring tools that flag unusual dependency injections before they execute.