Sapphire Sleet
Nation-state North Korea Dormant
- Mentions
- 1
- First seen
- 18 Jun 2026
- Last seen
- 18 Jun 2026
Relevant to you ยท Relevant
- Threat focus:
- supply chainespionage / apt
Origin
North Korea
Profile
Sapphire Sleet is a threat actor group recently involved in a supply chain attack on the npm package 'Mastra'. The attackers compromised the package and inserted a malicious postinstall payload that executes upon installation. The exact targets and malware details remain unclear. The incident highlights the risks of supply chain attacks in the software development lifecycle.
Affected vendors
Npm
Targeted sectors
Software development