Flash News

Microsoft Shuts Down 70+ GitHub Open Source Repositories Due to Miasma Worm Attack

More than 70 open source repositories hosted by Microsoft on GitHub (mainly including Azure Functions host processes and Durable Task in .NET, Java, Go, JavaScript, and other language versions) have been urgently shut down due to a Miasma worm attack.

This worm is a variant of the internal code theft incident at GitHub in mid-May, where the hacker group TeamPCP injected malicious code into trusted repositories using stolen credentials. The worm specifically targets AI programming scenarios: it triggers when developers use AI assistants like Claude Code, Cursor, and Gemini CLI to parse contaminated projects, then automatically steals AWS, GCP, and Azure credentials, SSH keys, and npm/PyPI tokens, and self-replicates.

GitHub's defense system automatically shut down 73 repositories within 105 seconds of the malicious submission. Microsoft has notified affected developers and initiated credential rotation and security audits.

Source: Public Information

ABAB AI Insight

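This attack continues the path taken in mid-May, when TeamPCP stole GitHub employee credentials through a malicious VS Code extension. The upgraded Miasma worm is precisely adapted to AI assistant workflows, exposing the new risk that comes with extending supply chain trust in the era of AI programming. It resembles the historical SolarWinds incident, but spreads faster and is more targeted.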

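On the capital side, Microsoft and GitHub continue to invest security resources in automated detection, multi-signature mechanisms, and credential management systems, and use rapid response and audits to raise developer vigilance. The strategic motive is to protect the open source ecosystem and build a solid security foundation for AI products such as Copilot, so that supply chain attacks do not hinder the broad adoption of AI programming tools.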

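The repeated advanced attacks of this kind against the open source supply chain, together with the expansion of the attack surface brought by the current spread of AI agent tools, coincide with the stage in which developer tooling is moving from traditional IDEs to AI-assisted workflows.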

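In essence this is a matter of technology substitution and regulatory change: the Miasma worm accelerates the replacement of traditional code review by security protection for AI agents. Mechanically, its automated propagation concentrates developer attention and security budgets away from routine audits and toward the few platforms with real-time detection, isolation capability, and AI-native protection. This further strengthens the responsibility and technical barriers of GitHub and Microsoft in open source security, and pushes the whole AI programming ecosystem toward higher supply chain security standards.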

ABAB News · Cognitive Laws

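The supply chain is easy to attack and AI agents are hard to defend; shutting down in 105 seconds is response leverage.
The majority trust official repositories, while a minority lock down multi-layered credentials and detection; the structural risk stems from the extension of trust to AI tools.
Selling open source convenience gains short-term efficiency, guarding a closed security loop wins the long-term ecosystem; winners always treat a worm as a wake-up call for supply chain evolution.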

Source: ABAB News