Microsoft Links Mastra AI Supply Chain Attack to North Korean Hackers


Quick answer

The North Korean hacker group Sapphire Sleet (BlueNoroff) executed a supply chain attack on Mastra AI, compromising over 140 npm packages.

Microsoft has completed its investigation into the Mastra AI supply chain attack, revealing that over 140 npm packages in the registry were compromised. According to the company, the campaign is linked to the North Korean hacker group Sapphire Sleet, also known as BlueNoroff.

Sapphire Sleet has long specialized in financially motivated cybercrime and state-sponsored espionage. In this case, threat actors exploited vulnerabilities in the npm ecosystem to distribute malicious code, which could have been integrated into developers' projects worldwide.

Microsoft experts warn that supply chain attacks are becoming increasingly common and dangerous, particularly amid the growing reliance on AI tools and open repositories. Compromising npm packages enables hackers to inject malicious components into legitimate applications, posing severe risks to data security and infrastructure.

In response to the threat, Microsoft advises developers to strengthen dependency controls in projects, use code security analysis tools, and regularly update libraries. The company continues to monitor the group's activities to prevent future attacks.
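
One way to apply the dependency-control advice above, as an added example that is not from Microsoft, Mastra or the original article: a check over a project's package-lock.json that flags entries resolved from outside the approved registry, entries without a sha512 integrity hash, and packages that run install scripts nobody has reviewed. The sample lockfile, the package names in it and the allowlist parameter are constructed for illustration, and the single-registry policy is an assumption.

```javascript
// Added example: audit package-lock.json (lockfileVersion 2/3) dependency entries.
// Assumption: only the public npm registry is an approved source.
const REGISTRY = "https://registry.npmjs.org/";

function auditLockfile(lock, allowedInstallScripts = new Set()) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf("node_modules/");
    // Skip the root project, workspace folders/links, and bundled deps
    // (bundled deps ship inside their parent's tarball and carry no own hash).
    if (i === -1 || entry.link || entry.inBundle) continue;
    const name = path.slice(i + "node_modules/".length);
    const id = `${name}@${entry.version}`;
    if (!entry.resolved || !entry.resolved.startsWith(REGISTRY)) {
      findings.push({ id, issue: "non-registry-source" });
    }
    if (!/(^|\s)sha512-/.test(entry.integrity || "")) {
      findings.push({ id, issue: "weak-or-missing-integrity" });
    }
    if (entry.hasInstallScript && !allowedInstallScripts.has(name)) {
      findings.push({ id, issue: "unreviewed-install-script" });
    }
  }
  return findings;
}

// Constructed sample lockfile; package names, URLs and hashes are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-lib": { version: "2.1.0",
      resolved: "https://registry.npmjs.org/left-lib/-/left-lib-2.1.0.tgz",
      integrity: "sha512-CONSTRUCTED==" },
    "node_modules/@example/agent-core": { version: "0.9.3",
      resolved: "https://registry.npmjs.org/@example/agent-core/-/agent-core-0.9.3.tgz",
      integrity: "sha512-CONSTRUCTED==", hasInstallScript: true },
    "node_modules/fast-helper": { version: "1.0.1",
      resolved: "git+ssh://git@example.com/x/fast-helper.git#abc123" },
    "node_modules/old-dep": { version: "0.1.0",
      resolved: "https://registry.npmjs.org/old-dep/-/old-dep-0.1.0.tgz",
      integrity: "sha1-CONSTRUCTED=" },
  },
};

console.log(auditLockfile(sampleLock));
```

Run in CI alongside `npm ci`, which installs exactly what the lockfile pins, so a flagged entry blocks the build before any install script executes.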

Common questions

Who is behind the Mastra AI attack?
The attack is attributed to the North Korean hacker group Sapphire Sleet (BlueNoroff), which specializes in financially motivated cybercrime and state-sponsored espionage.

What were the consequences of the npm package compromise?
Attackers injected malicious code into over 140 npm packages, potentially compromising developers' systems and spreading threats through the supply chain.

Why are supply chain attacks dangerous for the IT industry?
Such attacks allow hackers to embed malicious code into legitimate software components, leading to large-scale data breaches and infrastructure compromises.

Why trust this

Prepared by the V-Help editorial team from the primary source with a published date.

Published by: V-Help.ru news desk

Source: BleepingComputer