Microsoft Open Source Projects Compromised in Supply Chain Attack

Severity: High (Score: 66.0)

Sources: News.Aibase, cloudsmith.com, www.404media.co, Techcrunch, Feeds.4Sysops

Published: 2026-06-08 · Updated: 2026-06-09

Keywords: microsoft, projects, hackers, breach, open, source, malware

Severity indicators: rce, breach, malware

Summary

Microsoft has disabled access to dozens of its open-source projects on GitHub due to a hacking incident that injected password-stealing malware into tools used by AI developers. The attack primarily targeted projects related to Azure cloud services and popular AI coding applications, including Claude Code, Gemini CLI, and VS Code. Security firms Cloudsmith and OpenSourceMalware identified the malware, which exfiltrates user passwords and sensitive credentials when developers use the compromised tools. Microsoft temporarily removed at least 70 repositories for investigation, restoring some after security checks. This incident marks the second breach of Microsoft's open-source projects in recent weeks, raising concerns about the security of the AI development ecosystem.

Key Points:

  • Microsoft's open-source projects were hacked to inject malware for stealing credentials.
  • The attack targeted tools related to Azure and AI development, affecting many developers.
  • This is the second breach in weeks, highlighting ongoing security challenges for Microsoft.

Detailed Analysis

**Impact**

Dozens of Microsoft open-source projects on GitHub were compromised, primarily affecting tools related to Azure cloud services and AI development applications such as Claude Code, Gemini CLI, and VS Code. The attack targeted developers using these tools, risking the theft of passwords and sensitive credentials. Microsoft temporarily removed at least 70 repositories, with some restored after security checks, indicating a broad impact on the AI development community globally. This is the second breach of Microsoft open-source projects in recent weeks, affecting trust and operational security for developers relying on these resources.

**Technical Details**

The attack was a software supply chain compromise involving the injection of password-stealing malware into open-source code repositories. The malware executed locally when developers opened the compromised tools, silently exfiltrating passwords and credentials. The breach appears to be either a re-compromise of the Durable Task project or a distinct new infiltration. No specific CVEs or detailed IOCs were disclosed in the articles. The attack targeted the delivery and exploitation stages of the kill chain by embedding malicious code in widely used development tools.

**Recommended Response**

Defenders should immediately audit and verify the integrity of Microsoft open-source tools used in their environments, especially those related to Azure and AI development. Block and monitor for suspicious outbound traffic indicative of credential exfiltration. Apply any security updates or patches released by Microsoft and avoid using disabled or unverified repositories. Organizations should monitor security advisories from Microsoft and community sources for further IOCs and remediation guidance.

Source articles (5)

  • Microsoft’s open source tools were hacked to steal passwords of AI developers — Techcrunch · 2026-06-08
    Microsoft has cut off access to dozens of its open-source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code…
  • Hackers breach Microsoft open source projects to inject credential stealing malware — Feeds.4Sysops · 2026-06-08
    Microsoft recently disabled access to dozens of open-source repositories on GitHub following a supply chain attack. The breach targeted projects primarily related to Azure cloud services and various A…
  • Microsoft Open Source Project Suffers Hacking Attack, Several AI Development Tools ... — News.Aibase · 2026-06-09
    Microsoft, a tech giant, recently took down dozens of open-source project repositories on the GitHub platform. The incident originated from hackers successfully infiltrating these projects and malicio…
  • Miasma Worms Path Of Destruction — cloudsmith.com · 2026-06-08
  • Microsoft Hacked To Deliver Malware To Claude And Gemini Users — www.404media.co · 2026-06-08

Timeline

  • 2026-06-08 — Microsoft disables access to open-source repositories: Dozens of repositories were taken down following a supply chain attack that injected malware into AI development tools.
  • 2026-06-09 — Microsoft confirms investigation into the breach: The company acknowledged the hacking incident and stated that some repositories have been restored after security checks.
  • Recent — Malware analysis reveals credential theft method: Security firms reported that the malware exfiltrates passwords when developers use the compromised tools, emphasizing the attack's targeted nature.

Related entities

  • Supply Chain Attack (Attack Type)
  • Microsoft (Company)
  • Azure (Company)
  • technica.in (Domain)
  • T1003 - OS Credential Dumping (Mitre Attack)
  • T1041 - Exfiltration Over C2 Channel (Mitre Attack)
  • T1195 - Supply Chain Compromise (Mitre Attack)
  • Claude Code (Tool)
  • Gemini (Tool)
  • VS Code (Tool)
  • GitHub (Platform)