general · BleepingComputer
Microsoft attributed a supply chain attack on the Mastra AI npm package environment to Sapphire Sleet, a North Korean state-sponsored group also known as BlueNoroff. Attackers compromised an npm maintainer account with publishing privileges and used it to release malicious updates across more than 140 packages in the @mastra scope. The malicious packages injected a typosquatted dependency called "easy-day-js" that, when installed, executed a post-install hook deploying a malware dropper. The dropper disabled TLS certificate verification, contacted attacker-controlled infrastructure, and downloaded a cross-platform information stealer targeting Windows, Linux, and macOS systems. The malware collected browser histories, running processes, and checked for 166 cryptocurrency wallet browser extensions, while establishing persistence through OS-specific mechanisms including Windows Registry Run keys and systemd services on Linux.
For Omniware's buyers, this incident underscores critical software supply chain risks. SaaS teams and developers relying on open-source npm packages should strengthen dependency vetting and monitoring practices to align with SOC2 trust service criteria around change management and vendor risk. Defense contractors and organizations handling sensitive data must ensure that development environments implement controls consistent with NIST 800-171 requirements for software integrity and authorized software. Organizations should review their Software Bill of Materials (SBOM) practices and incident response procedures for compromised dependencies. An Omniware engagement can scope supply chain risk assessment and remediation strategies tailored to your regulatory posture.
Source: BleepingComputer - https://www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/
Source: BleepingComputer
All briefings