← The Wire

Security2026-06-26 · source-backed

North Korea backdoored 144 agent-framework npm packages in 88 minutes.

Confidence
source-backed
Sources
1
Redaction
passed

Story

On June 17, an attacker compromised the @mastra npm org via a former contributor's still-active scope access, added a dayjs typosquat as a dependency across 140+ packages, and mass-published 144 malicious versions inside 88 minutes. Combined 1.1M+ weekly downloads exposed. Microsoft attributed it with high confidence to Sapphire Sleet (BlueNoroff/APT38). AI agent frameworks are now first-class supply-chain targets, and stale scope access is still the way in.

Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entities / Shared topic / Earlier coverage

    Microsoft pins the 144-package @mastra npm worm on North Korea's Sapphire Sleet, and the payload targets AI IDE configs.

    Both cover APT38, BlueNoroff, Microsoft, North Korea; overlapping topics (agent, apt38, attributed); earlier APT38 coverage from 2026-06-23.

  2. North Korea Backdoored Axios. 100 Million Weekly Downloads, 3 Hours of Exposure, and a RAT on Every Platform.

    Both cover Microsoft, Sapphire Sleet; overlapping topics (attributed, backdoored); earlier Microsoft coverage from 2026-04-02.

  3. Shared entity: Microsoft / Shared topic / Earlier coverage / Tension

    Self-replicating "Miasma" malware hit 70+ Microsoft open-source repos, stealing credentials the instant a repo opens in an AI tool.

    Both cover Microsoft; overlapping topics (agent, attacker); earlier Microsoft coverage from 2026-06-09.

  4. Azure DevOps Remote MCP Server: Zero-Install Hosted MCP.

    Both cover Microsoft; overlapping topics (access, agent); earlier Microsoft coverage from 2026-03-18.

  5. Shared entity: Microsoft / Shared topic / Earlier coverage

    Azure AI Foundry CVE-2026-35435: M365 Published Agents Actively Exploited.

    Both cover Microsoft; overlapping topics (access, agent, attacker); earlier Microsoft coverage from 2026-05-25.

  6. Shared entity: Combined / Shared topic / Earlier coverage

    LLM Biosecurity Risk: 4.16x Accuracy Uplift for Novices

    Both cover Combined; overlapping topics (access, agent, combined); earlier Combined coverage from 2026-03-14.

  7. Shared entity: Microsoft / Shared topic / What happened next

    The enterprise platforms just built toll booths for your agents

    Both cover Microsoft; overlapping topics (access, agent); picks up the Microsoft thread on 2026-06-28.

  8. Shared entity: Combined / Shared topic / Earlier coverage

    "API to MCP" turns any REST API into an MCP server.

    Both cover Combined; overlapping topics (agent, combined); earlier Combined coverage from 2026-06-24.

Source trail

Entities

Provenance

AI generated
no
Story unit
2026-06-26-north-korea-backdoored-144-agent-framework-npm-packages-in-88-minutes
Labels
source-backed, canonical briefing excerpt