microsoft attributed a supply chain compromise of 140-plus npm packages in the mastra scope — ai agent development tooling — to sapphire sleet, also known as bluenoroff, a north korean state actor primarily known for financial sector targeting. the attack vector was a hijacked npm maintainer account. the specific targeting of ai developer tooling rather than financial infrastructure marks an observed expansion of sapphire sleet's operational focus into the ai development supply chain.