Security2026-06-26 · source-backed
North Korea backdoored 144 agent-framework npm packages in 88 minutes.
Story
On June 17, an attacker compromised the @mastra npm org via a former contributor's still-active scope access, added a dayjs typosquat as a dependency across 140+ packages, and mass-published 144 malicious versions inside 88 minutes. Combined 1.1M+ weekly downloads exposed. Microsoft attributed it with high confidence to Sapphire Sleet (BlueNoroff/APT38). AI agent frameworks are now first-class supply-chain targets, and stale scope access is still the way in.
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entities / Shared topic / Earlier coverage
Microsoft pins the 144-package @mastra npm worm on North Korea's Sapphire Sleet, and the payload targets AI IDE configs.
Both cover APT38, BlueNoroff, Microsoft, North Korea; overlapping topics (agent, apt38, attributed); earlier APT38 coverage from 2026-06-23.
North Korea Backdoored Axios. 100 Million Weekly Downloads, 3 Hours of Exposure, and a RAT on Every Platform.
Both cover Microsoft, Sapphire Sleet; overlapping topics (attributed, backdoored); earlier Microsoft coverage from 2026-04-02.
Shared entity: Microsoft / Shared topic / Earlier coverage / Tension
Self-replicating "Miasma" malware hit 70+ Microsoft open-source repos, stealing credentials the instant a repo opens in an AI tool.
Both cover Microsoft; overlapping topics (agent, attacker); earlier Microsoft coverage from 2026-06-09.
Azure DevOps Remote MCP Server: Zero-Install Hosted MCP.
Both cover Microsoft; overlapping topics (access, agent); earlier Microsoft coverage from 2026-03-18.
Shared entity: Microsoft / Shared topic / Earlier coverage
Azure AI Foundry CVE-2026-35435: M365 Published Agents Actively Exploited.
Both cover Microsoft; overlapping topics (access, agent, attacker); earlier Microsoft coverage from 2026-05-25.
Shared entity: Combined / Shared topic / Earlier coverage
LLM Biosecurity Risk: 4.16x Accuracy Uplift for Novices
Both cover Combined; overlapping topics (access, agent, combined); earlier Combined coverage from 2026-03-14.
Shared entity: Microsoft / Shared topic / What happened next
The enterprise platforms just built toll booths for your agents
Both cover Microsoft; overlapping topics (access, agent); picks up the Microsoft thread on 2026-06-28.
Shared entity: Combined / Shared topic / Earlier coverage
"API to MCP" turns any REST API into an MCP server.
Both cover Combined; overlapping topics (agent, combined); earlier Combined coverage from 2026-06-24.
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent — June 26, 2026
- AI generated
- no
- Story unit
- 2026-06-26-north-korea-backdoored-144-agent-framework-npm-packages-in-88-minutes
- Labels
- source-backed, canonical briefing excerpt