A sophisticated supply chain attack has compromised 73 Microsoft GitHub repositories, exposing critical weaknesses in the trust model of open-source software delivery and showing how AI-assisted development tools can be turned against the developers who use them. The Miasma worm, a self-replicating malware, spread through previously compromised contributor credentials, harvesting cloud platform and developer tool credentials and then propagating itself to additional repositories.

The attack, which occurred on June 5, 2026, targeted the Azure/durabletask repository using a previously compromised contributor account. The malicious commit introduced configuration files that triggered a credential-harvesting payload when the repository was opened in AI coding tools such as Claude Code, Gemini CLI, Cursor, and VS Code.

What Happened

The Miasma worm campaign reached Microsoft's Azure GitHub organizations on June 5, 2026. The attack planted configuration files that execute a credential-harvesting payload when a developer opens the repository in Claude Code, Gemini CLI, Cursor, or VS Code. This is not the first time Microsoft has been targeted by the Miasma worm; a similar breach involving the same malware family had occurred only weeks earlier.

The attack was executed using previously compromised contributor credentials, which allowed the attacker to push a malicious commit to the Azure/durabletask repository. The commit introduced five files designed to trigger automatic execution of an obfuscated JavaScript payload when the repository was opened in the developer tools listed above. The malicious code itself resided in .github/setup.js, a large, obfuscated JavaScript file acting as a credential harvester.
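As an added defender-side example (not code from the article, Microsoft or GitHub), the script below triages a checked-out repository for the kind of open-on-folder execution the article describes: VS Code tasks set to run on folderOpen, agent hook settings that reference a command, and a large obfuscated JavaScript file under .github/. The settings paths assumed for Claude Code, Gemini CLI and Cursor, and the size and obfuscation thresholds, are assumptions rather than details from the article.

```python
import json
import os
import re

# Project-level settings read by the AI coding tools the article names (paths assumed).
AGENT_CONFIGS = (".claude/settings.json", ".gemini/settings.json", ".cursor/hooks.json")
COMMAND_RE = re.compile(r'"command"\s*:\s*"([^"]+)"')

def vscode_folder_open_tasks(tasks_json):
    """Commands of VS Code tasks configured to run as soon as the folder opens."""
    try:
        doc = json.loads(tasks_json)
    except json.JSONDecodeError:
        return []
    return [t.get("command", "<no command>") for t in doc.get("tasks", [])
            if t.get("runOptions", {}).get("runOn") == "folderOpen"]

def agent_config_commands(config_text):
    """Commands named in an agent hooks/settings file (regex, so JSON-with-comments is still inspected)."""
    return COMMAND_RE.findall(config_text)

def looks_obfuscated(js_source, min_bytes=20_000):
    """Big file with very long lines or dense hex escapes / _0x names (thresholds assumed)."""
    if len(js_source) < min_bytes:
        return False
    longest = max((len(line) for line in js_source.splitlines()), default=0)
    markers = len(re.findall(r"\\x[0-9a-fA-F]{2}|_0x[0-9a-fA-F]+", js_source))
    return longest > 500 or markers > 50

def _read(path):
    with open(path, encoding="utf-8", errors="replace") as f:
        return f.read()

def scan_repo(root):
    """Return (relative path, reason) findings for one checked-out repository."""
    findings = []
    tasks = os.path.join(root, ".vscode", "tasks.json")
    if os.path.isfile(tasks):
        findings += [(".vscode/tasks.json", f"runs on folderOpen: {c}")
                     for c in vscode_folder_open_tasks(_read(tasks))]
    for rel in AGENT_CONFIGS:
        path = os.path.join(root, *rel.split("/"))
        if os.path.isfile(path):
            findings += [(rel, f"hook command: {c}") for c in agent_config_commands(_read(path))]
    gh = os.path.join(root, ".github")
    for name in (sorted(os.listdir(gh)) if os.path.isdir(gh) else []):
        if name.endswith(".js") and looks_obfuscated(_read(os.path.join(gh, name))):
            findings.append((f".github/{name}", "large obfuscated JavaScript"))
    return findings
```

A tasks.json that contains comments will not parse with json.loads and is skipped, so run this on a clone before opening it in any editor and treat an empty result as "nothing obvious", not as clean.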

The worm harvested credentials for AWS, Azure, GCP, Kubernetes, npm, GitHub, and over 90 developer tool configurations. These credentials were then used to commit the worm into any repository the victim could access, enabling rapid, autonomous propagation.

Background and Context

The Miasma worm is an evolved variant of Mini Shai-Hulud, a worm whose source code was open-sourced by the cybercrime group TeamPCP. This time the group's naming has shifted from Dune references to Greek mythology, with repository descriptions such as "Miasma: The Spreading Blight" and "Hades: The End for the Damned."

The operation started at Red Hat, where attackers compromised a Red Hat employee's GitHub account and pushed unreviewed orphan commits to internal repos, injecting a minimal workflow that requested GitHub's OIDC tokens. In early June, this registry-poisoning workflow executed an obfuscated payload that published 32 malicious package versions to the npm registry.

The detail that makes this particularly hard to catch is what those OIDC tokens provided: legitimate SLSA provenance attestations. Provenance is designed to verify that code was built by whom it claims to have been built by; it is not designed to detect a legitimate maintainer whose credentials have been stolen.

Why It Matters

The Miasma worm attack highlights critical weaknesses in the trust model of open-source software delivery and the potential for AI-assisted development tools to be exploited. Supply chain security frameworks like SLSA are designed to verify that code was built by whom it claims to have been built by, but they are not designed to detect a legitimate maintainer whose credentials have been stolen.

This attack demonstrates how compromised contributor credentials can be used to push malicious commits to repositories, underscoring the need for stronger security measures in open-source software delivery. The involvement of AI-assisted development tools also raises concerns about how readily these tools can be exploited by attackers.

What Comes Next

The incident has led to GitHub disabling 73 Microsoft repositories across four organizations in a 105-second automated sweep. The affected repos include core Azure infrastructure like azure-functions-host and the entire Durable Task family across .NET, Go, Java, JavaScript, MSSQL, and Python.

Microsoft is likely to take steps to improve security measures in their open-source software delivery process, including implementing additional checks for contributor credentials and improving detection of malicious commits. The adult industry, which relies heavily on open-source software and AI-assisted development tools, should also take note of this incident and consider implementing similar security measures.

Key Facts

  • The Miasma worm compromised 73 Microsoft GitHub repositories.
  • The attack was executed using previously compromised contributor credentials.
  • The worm harvested credentials for AWS, Azure, GCP, Kubernetes, npm, GitHub, and over 90 developer tool configurations.
  • The credential-harvesting payload executed when a compromised repository was opened in an AI-assisted development tool or VS Code.
  • GitHub disabled 73 Microsoft repositories across four organizations in a 105-second automated sweep.