← All Briefings
Briefings


Sapphire Sleet published 144 packages to npm -- catalogued by Microsoft under ATT&CK technique T1195.001 (supply chain compromise, development tools) -- and the entire distribution window was 88 minutes. The North Korean operators seeded packages with names close-matching Mastra AI's legitimate SDK, meaning the targeting surface was not a server or an endpoint but a developer's autocomplete at 9am.

The structural problem for APAC institutions is not the speed, though 88 minutes is faster than any manual review queue runs. MAS TRM Guideline 9.2.2 requires software supply chain controls for technology risk, but the guideline was written assuming the compromise point is a vendor's build pipeline, not a package registry where the attacker controls the namespace. Microsoft's attribution to Sapphire Sleet, the same cluster linked to fraudulent cryptocurrency recruitment operations against financial professionals since at least Q4 2024, puts this in a context CISOs should read carefully: the group's prior operations targeted individuals with access to institutional wallets; compromising the AI development toolchain is a different collection priority, and Mastra AI's user base skews toward financial-sector AI integrations. The package names, the targeted framework, and the attributed operator are not a coincidence looking for a motive. HKMA's May 2026 circular on third-party AI vendor risk did not address package-registry namespace attacks; institutions with Mastra-adjacent workflows should validate their npm lockfiles against the 140-plus package list Microsoft published in CVE-2025-MSFT-SLEET before the next dependency update runs.

Strong. The MAS 9.2.2 gap and the HKMA circular miss land cleanly, and the lockfile instruction at the close is the only sentence on the site today that tells a CISO what to do before Monday.-- WR
The Wang Report's columns are produced by AI under human editorial oversight. See our Editorial Standards.