Major attack: Worm kills Microsoft GitHub repos – with serious consequences

The self-replicating worm “Miasma” has infected exactly 73 important Microsoft projects on GitHub. The supply chain attack led to the immediate blocking of the source code and paralyzed work processes worldwide.

Strike against Azure

A self-replicating worm called Miasma caused a major outage at Microsoft on June 5th. As part of a so-called supply chain attack, exactly 73 important repositories on GitHub were infected and then deactivated. Such an attack aims to exploit vulnerabilities in the software supply chain to inject malicious code into trusted programs.

The developers of the Azure cloud platform were hit particularly hard. Important tools like Azure Functions were taken completely offline. GitHub’s automated protection mechanisms suspended the affected projects completely within just 105 seconds. With many developers worldwide relying on these repos, countless automated pipelines collapsed almost immediately.

Automated distribution

The IT security site OSM lists all affected repos and explains how the Miasma worm uses stolen credentials to spread. The incident can be traced back to an earlier attack on the Durabletask software package. The attackers still had access to important keys and were able to inject the malicious code directly into the Microsoft environment. Miasma is a variant of the Mini Shai-Hulud malware that caused great chaos in Node package management some time ago.

A major danger of the malware is its trigger mechanism. The worm activates automatically as soon as a developer opens the infected code in modern programming tools such as Cursor or VS Code. The software then collects access data for cloud services such as Azure, AWS or GCP in the background. The worm then uses the stolen keys to copy itself into other projects over the network without further interaction.

Global consequences for developers

The current blocking of the 73 code libraries has far-reaching consequences for the everyday work of many developers. Many software teams reference external tools with floating version specifiers (flexible placeholders) so that they always receive the latest version. If the source suddenly disappears from the network, the entire software build process fails. IT experts currently recommend using fixed version numbers to avoid this.
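The recommendation above can be checked mechanically. The following is an added example, not code from the article or from any affected project: it assumes an npm-style `package.json` manifest and flags every dependency whose specifier is not provably fixed. All package names and the sample manifest are constructed.

```python
import json
import re

# Exact semver such as 1.2.3 or 1.2.3-rc.1 (optional leading "=" or "v").
EXACT = re.compile(r"^=?v?\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")
# A git reference that ends in a full 40-hex commit id is immutable as well.
COMMIT_REF = re.compile(r"#[0-9a-f]{40}$")
DEP_SECTIONS = ("dependencies", "devDependencies", "optionalDependencies")


def classify(spec: str) -> str:
    """Return 'pinned' only when the specifier cannot resolve to new code."""
    spec = spec.strip()
    if EXACT.match(spec):
        return "pinned"
    if "/" in spec or ":" in spec:  # git, GitHub shorthand, URL, alias
        return "pinned" if COMMIT_REF.search(spec) else "floating"
    return "floating"  # ranges (^, ~, >=, 1.x, *) and dist-tags such as "latest"


def audit_manifest(manifest_text: str) -> list[tuple[str, str, str]]:
    """List (section, package, specifier) for every floating dependency."""
    manifest = json.loads(manifest_text)
    findings = []
    for section in DEP_SECTIONS:
        for name, spec in sorted(manifest.get(section, {}).items()):
            if classify(spec) == "floating":
                findings.append((section, name, spec))
    return findings


# Constructed sample manifest; none of these packages are real.
SAMPLE_MANIFEST = """{
  "name": "constructed-sample-app",
  "dependencies": {
    "alpha-lib": "1.4.2",
    "beta-lib": "^2.0.0",
    "gamma-lib": "latest",
    "delta-lib": "github:example-org/delta-lib#main",
    "epsilon-lib": "git+https://example.invalid/e.git#0123456789abcdef0123456789abcdef01234567"
  },
  "devDependencies": {"zeta-tool": "~3.1.0", "eta-tool": "3.1.0-rc.1"}
}"""

if __name__ == "__main__":
    for section, name, spec in audit_manifest(SAMPLE_MANIFEST):
        print(f"FLOATING {section}: {name} -> {spec}")
```

Exact versions in the manifest fix only direct dependencies; a committed lockfile is what fixes the transitive ones.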

While the quick intervention of the automated GitHub systems prevented something worse from happening, Microsoft’s communication has been criticized. The company initially only spoke of an internal administrative problem, although GitHub had blocked the projects due to violations of the terms of use. Such incidents show that even large tech companies are vulnerable to complex attacks on the software supply chain.