microsoft attributed a compromise of 140+ mastra ai npm packages to sapphire sleet, the north korean state-backed group also known as bluenoroff and associated with cryptocurrency theft operations. the malware embedded in the packages was capable of stealing credentials, tokens, and crypto assets from any developer or system that installed the affected packages. this is the first publicly attributed north korean supply chain operation targeting ai development tooling specifically, suggesting deliberate interest in infiltrating the ai infrastructure layer rather than purely financial targets.