Microsoft identified a large-scale npm supply chain attack by North Korean threat actor Sapphire Sleet, compromising over 140 packages in the Mastra ecosystem. The attackers used a compromised maintainer account to inject a malicious typosquat dependency that executes a cross-platform Node.js implant during installation, leading to cryptocurrency wallet theft, host reconnaissance, and persistent backdoor access.