Full Report
Miasma worm shapeshifts, but cloud secret-scouting remains the goal
Analysis Summary
# Incident Report: Miasma Worm Supply Chain Attack (GitHub/Microsoft)
## Executive Summary
In June 2026, the Miasma worm compromised over 70 Microsoft-owned GitHub repositories, leading to a massive disruption of CI/CD pipelines. The attack utilized compromised developer credentials to push malicious commits that triggered remote code execution (RCE) via IDEs and AI coding tools. GitHub successfully disabled the affected repositories within minutes of detection, though the incident highlighted persistent risks in credential rotation and supply chain security.
## Incident Details
- **Discovery Date:** Friday, June 5, 2026
- **Incident Date:** June 5, 2026 (with related activity dating back to May 19, 2026)
- **Affected Organization:** Microsoft (GitHub Repositories)
- **Sector:** Technology / Software Development
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** June 5, 2026
- **Vector:** Compromised contributor account/tokens.
- **Details:** An attacker utilized previously harvested or unrotated tokens to push malicious commits to the `Azure/durabletask` repository.
### Lateral Movement
- **Mechanism:** Self-propagating worm logic (Miasma). The worm identifies and targets connected repositories and developer environments to spread malicious configuration files across the ecosystem.
### Data Exfiltration/Impact
- **Credential Harvesting:** The worm specifically sought cloud secrets, environment variables, and developer tool configurations on Linux systems.
- **Operational Impact:** Broken CI/CD pipelines globally, specifically impacting `Azure/functions-action` which prevented code deployments to Azure.
### Detection & Response
- **Detection:** Automated GitHub security alarms were tripped on June 5.
- **Response Actions:** GitHub disabled 73 repositories in two waves, totaling 105 seconds for the entire automated takedown process.
## Attack Methodology
- **Initial Access:** Compromised developer credentials (potentially from a previous May 2024 attack on PyPi).
- **Persistence:** Malicious configuration files embedded in legitimate repositories.
- **Privilege Escalation:** Not explicitly detailed, but relies on the privileges of the compromised contributor.
- **Defense Evasion:** Shapeshifting/polymorphic code (Miasma worm) and metadata alteration to mask the source of commits.
- **Credential Access:** Snifting for cloud secrets and developer tool configurations.
- **Discovery:** Scanning for IDE/AI tool configurations (Claude Code, Gemini CLI, Cursor).
- **Lateral Movement:** "Worm" propagation via malicious commits to downstream or related repositories.
- **Collection:** Automated searching for environment variables and secrets.
- **Exfiltration:** Infostealer functionality targeting harvested cloud tokens.
- **Impact:** Repository suspension and crippling of CI/CD workflows.
## Impact Assessment
- **Financial:** Undisclosed, but significant internal labor costs for remediation and lost productivity for Azure customers.
- **Data Breach:** Compromise of developer tokens and cloud secrets; number of affected users scales with repository downloads.
- **Operational:** HIGH. Dozens of Microsoft tools and deployment actions (such as `Azure/functions-action@v1`) were rendered unavailable.
- **Reputational:** MODERATE. Highlights vulnerability in Microsoft’s internal credential rotation policies.
## Indicators of Compromise
- **Network indicators:** Connections to known malicious package registries or exfiltration C2s (details not specified in source).
- **File indicators:** Malicious configuration files in `Azure/durabletask` and `Azure/functions-action`.
- **Behavioral indicators:** Rapid, automated commits from a single contributor across multiple repositories; high volume of repository "Terms of Service" violations.
## Response Actions
- **Containment:** GitHub automated systems disabled 73 repositories to prevent further propagation.
- **Eradication:** Removal of malicious commits and configuration files.
- **Recovery:** Restoring repository access; advising users on CI/CD pipeline fixes.
## Lessons Learned
- **Credential Hygiene:** The suspected reuse of tokens from a May 19th incident suggests that credential rotation following a breach was incomplete.
- **IDE Vulnerability:** Modern AI coding tools (Cursor, Claude Code) represent a new attack surface where malicious repo configurations can trigger execution on a dev's local machine.
- **Supply Chain Sensitivity:** A single compromised "action" repository can break thousands of downstream customer pipelines.
## Recommendations
- **Enforce MFA:** Ensure all contributors are utilizing hardware-based Multi-Factor Authentication.
- **Automated Token Rotation:** Implement strict, short-lived session tokens for repository contributions.
- **IDE Sandboxing:** Developers should run AI coding assistants and IDEs in isolated environments to prevent local RCE from malicious configuration files.
- **Integrity Checks:** Implement CI/CD gates that scan for unauthorized changes to configuration files (`.yaml`, `.json`) before execution.