Microsoft ties Mastra supply chain attack to North Korea

Microsoft attributed the Mastra AI supply chain attack to North Korean hacking group Sapphire Sleet. The attackers compromised the npm maintainer account "ehindero" and published malicious updates for over 140 packages. The malicious dependency "easy-day-js" deployed a malware dropper targeting credentials, API keys, and cryptocurrency wallets.