Vulnerability  ·  2026-06-29

North Korean Sapphire Sleet Mastra npm Supply Chain Attack — 144 AI Agent Framework Packages Trojanized, ~8M Weekly Downloads Exposed

Vulnerability · High impact · Global
On June 17, 2026, North Korean state actor Sapphire Sleet (BlueNoroff/APT38, attributed by Microsoft with high confidence) hijacked the npm account 'ehindero' — a former Mastra contributor whose publishing rights were never revoked — and within 88 minutes published poisoned updates to 141 packages across the @mastra scope. Each update injected a malicious dependency 'easy-day-js' (a typosquat of the legitimate dayjs library) carrying a postinstall hook. The hook disabled TLS verification, contacted attacker-controlled C2, and dropped a cross-platform credential-stealing RAT targeting 166 cryptocurrency wallet browser-extension IDs, AI API keys, GitHub tokens, AWS credentials, and developer identity data. Mastra is a TypeScript framework for building AI agents, RAG pipelines, and LLM workflows; @mastra/core alone had ~918K weekly downloads at time of attack. Microsoft published attribution analysis on June 17–19.
Mastra is core AI-agent developer infrastructure — its scope covers agent orchestration, tool integrations, MCP servers, and RAG pipeline components. By compromising install-time execution across ~8M weekly downloads, attackers gained access to the most sensitive credentials in AI development pipelines: LLM API keys (OpenAI, Anthropic, etc.), cloud provider tokens, and CI/CD secrets enabling lateral movement across entire AI infrastructure stacks. This attack ran at npm install time, before any application code executed, making it invisible to static analysis and runtime monitoring.
Hijacked npm maintainer account used to inject malicious easy-day-js dependency into 141 Mastra packages; postinstall hook fires on npm install on any developer machine or CI/CD runner, dropping cross-platform credential-stealing RAT
@mastra/* npm packages — 141 packages trojanized; mastra versions 1.13.1+ and @mastra/core versions 1.42.1+ during June 17, 2026 attack window
Pin known-good versions (mastra ≤ 1.13.0, @mastra/core ≤ 1.42.0 are unaffected); audit node_modules/ and package-lock.json for easy-day-js; rotate all credentials on systems that ran npm install during the June 17 window; enforce SLSA provenance attestation on npm org policy. Microsoft blog: https://www.microsoft.com/en-us/security/blog/2026/06/17/postinstall-payload-inside-mastra-npm-supply-chain-compromise/
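The lockfile audit above, as an added example that is not code from the advisory or the Mastra project: it walks a package-lock.json (lockfileVersion 2/3 "packages" map), flags any copy of easy-day-js including transitive ones, and flags mastra / @mastra/core entries at or above the versions the advisory names. The sample lockfile at the bottom is constructed.

```javascript
// Added example, not code from the advisory or the Mastra project: scan a
// package-lock.json (lockfileVersion 2/3, "packages" map) for the indicators
// the advisory lists. The lockfile at the bottom is constructed sample input.

// Advisory: mastra >= 1.13.1 and @mastra/core >= 1.42.1 fall in the attack
// window, and the injected dependency was published under this name.
const AFFECTED_FROM = { "mastra": "1.13.1", "@mastra/core": "1.42.1" };
const MALICIOUS_DEP = "easy-day-js";

// Numeric compare of "x.y.z" versions (pre-release tags ignored); <0, 0, >0.
function cmpVersion(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}
// Lockfile keys are install paths ("node_modules/@mastra/core",
// "node_modules/x/node_modules/easy-day-js"); the name follows the last
// "node_modules/" segment, so nested transitive copies are caught too.
function packageName(key) {
  const i = key.lastIndexOf("node_modules/");
  return i === -1 ? key : key.slice(i + "node_modules/".length);
}
// One finding per suspicious lockfile entry; an empty array means clean.
function auditLockfile(lock) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === "") continue; // "" is the root project itself
    const name = packageName(key);
    const version = entry.version || "0.0.0";
    if (name === MALICIOUS_DEP) {
      findings.push({ path: key, version, reason: "injected dependency present" });
    } else if (AFFECTED_FROM[name] && cmpVersion(version, AFFECTED_FROM[name]) >= 0) {
      findings.push({ path: key, version, reason: `${name} in attack window` });
    }
  }
  return findings;
}
// Constructed sample: one poisoned @mastra/core pulling in easy-day-js.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo", version: "0.0.1" },
  "node_modules/mastra": { version: "1.13.0" },
  "node_modules/@mastra/core": { version: "1.42.1" },
  "node_modules/@mastra/core/node_modules/easy-day-js": { version: "1.0.2" },
} };
console.log(auditLockfile(SAMPLE_LOCK)); // prints two findings for the sample
```

To run it against a real project, replace SAMPLE_LOCK with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`; setting `ignore-scripts=true` in .npmrc additionally stops postinstall hooks from running at all, which is the install-time execution this attack relied on.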
Sources
Microsoft Security Blog — Postinstall Payload Inside Mastra npm Supply Chain Compromise (2026-06-17/19)
SecurityWeek — North Korean Hackers Blamed for Mastra NPM Supply Chain Attack (2026-06-22)
InvisiRisk — Inside the Mastra npm Supply Chain Attack (2026-06-17)
Infosecurity Magazine — Microsoft Attributes Mastra AI Supply Chain Attack to North Korea