North Korea Hacks Mastra AI: Supply Chain Attack Alert

18h ago · Source: GovInfoSecurity

Summary

North Korean hackers have compromised the open-source artificial intelligence framework Mastra, planting credential-stealing code in more than 140 npm packages. The attackers, tracked as BlueNoroff or Sapphire Sleet, breached a Mastra npm maintainer account, which spread malware into software development pipelines that use the framework for AI applications. The group is an affiliate of North Korea's Lazarus Group, known for financially motivated campaigns. The incident signals a shift: state-sponsored groups are now focusing on AI development frameworks to breach corporate networks. These AI toolchains are deeply embedded in development workflows and often hold sensitive credentials. Targeting this layer allows attackers to gain a foothold directly in the software supply chain, posing a significant risk to developers and companies.

This is an AI-generated audio summary. Always check the original source for complete reporting.