Nation-State Actors Are Now Targeting Your AI Agent's npm Packages

This article was originally published on LucidShark Blog.

On June 17, 2026, Microsoft Threat Intelligence published a report attributing a supply chain attack on more than 140 packages in the @mastra npm scope to Sapphire Sleet, a North Korean state-sponsored threat actor. Mastra is a TypeScript framework for building agentic AI applications. Its packages are used by teams building Claude Code integrations, MCP servers, and autonomous coding pipelines. The attack vector was a postinstall hook. The payload stole AI provider API keys, cloud credentials, and CI/CD tokens.

This is not a story about an opportunistic criminal trying to make a quick profit from stolen package manager credentials. This is a nation-state actor making a deliberate, strategic decision that the most valuable target in modern software development is the developer building AI coding tools.

Scope of the Mastra attack: 140+ packages across the @mastra and mastra npm scopes were compromised in a coordinated campaign attributed by Microsoft Threat Intelligence to Sapphire Sleet (also tracked as BlueNoroff). Affected versions contained a postinstall payload designed to exfiltrate AI API keys, GitHub tokens, and cloud service credentials from developer machines.