Microsoft was forced to temporarily block access to more than 70 of its own open-source projects on the GitHub platform. The cause was a large-scale supply chain attack during which malicious actors injected malicious code into Azure cloud tools and popular AI assistants for developers.
Attack Mechanism and Hacker Objectives
The incident was first detected by analysts from Cloudsmith and the OpenSourceMalware monitoring platform. According to experts, the injected virus activated directly at the moment of launching the compromised utilities while programmers were writing code.
The main task of the malware is the automatic reading and transmission of confidential data to the attackers: saved passwords, access tokens, and other credentials. A key feature of the attack was the choice of targets: hackers focused on tools that integrate neural networks into the working environment.
Specialists working with cloud services and AI assistants typically have extended access rights to internal databases and servers. Stealing their personal keys opens the way for hackers to deeply penetrate the corporate networks of large companies.
Microsoft's Response and the Scale of the Problem
At the moment, the exact number of developers who managed to download the infected updates remains unknown. On the pages of the blocked projects, the GitHub administration posted notifications about violations of the service terms.
Microsoft's official representative, Ben Hope, stated that some repositories have already been returned online after a thorough check, but others will remain inaccessible until the investigation is completed. The company has begun directly informing a limited circle of clients who are guaranteed to have downloaded malicious content during the period of hacker activity.
Second Breach and Security Questions
Of particular concern is the fact that the current situation is a repeat breach of the Durable Task project — a tool for creating applications. In mid-May, Microsoft had already reported the elimination of a vulnerability in the same code.
Analysts emphasize: the incident proves that either the company's previous security actions were ineffective, or hackers used a completely new vector of penetration into the closed repository management infrastructure. Security experts note that large tech giants rarely become victims of such incidents, as they have resources for monitoring, unlike independent developers.