microsoft attributed a supply chain attack on the npm ecosystem to north korean state actor sapphire sleet (also known as bluenoroff). attackers hijacked a legitimate npm maintainer account and pushed malicious updates to over 140 packages. sapphire sleet primarily targets the financial sector. this is notable because the attack vector — compromising a trusted account rather than a package directly — is harder to detect and affects downstream consumers who trust the maintainer.