GitHub Disables 73 Microsoft Repositories in 105 Seconds After Miasma Worm Compromises Azure Infrastructure and Breaks CI/CD Pipelines


GitHub has disabled 73 Microsoft repositories after the Miasma worm infiltrated Azure infrastructure through a compromised contributor account, breaking CI/CD pipelines across the Azure Functions ecosystem and triggering remote code execution on developer machines that opened the infected repos in IDEs and AI coding tools.

The attack began on Friday, June 5, when a malicious commit was pushed to the Azure/durabletask repository. The commit dropped configuration files designed to trigger code execution the moment a developer opened the repo in an IDE or AI-assisted coding tool such as Claude Code, Gemini CLI, or Cursor. From that initial foothold, the worm propagated across related Microsoft repositories.

GitHub's automated detection systems tripped and disabled all 73 repositories within 105 seconds in two separate waves. But the damage to downstream workflows was immediate. The Azure/functions-action repository — used to deploy code to Azure Functions — was among those taken down, breaking every CI/CD workflow that referenced Azure/functions-action@v1. Developers reported broken pipelines almost immediately, though a Microsoft moderator initially attributed the disruption to "an internal management issue."
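When an action's repository is disabled, every workflow that references it fails on its next run, so the first question for a platform team is which pipelines depend on it. The script below is an added example, not code from the article, GitHub or Microsoft: it walks `.github/workflows/*.yml`, extracts every `uses: owner/repo@ref` step, reports the workflows that reference a given action, and notes whether each reference is a moving tag such as `v1` or a full commit SHA. The sample workflow texts are constructed for the demonstration.

```python
"""Inventory external GitHub Actions referenced by a repository's workflows.

Added example (not the article's or any project's code). Uses a line-level
regex rather than a YAML parser so it runs with the standard library only.
"""
import re
from pathlib import Path

# Matches "uses: owner/repo[/subdir]@ref" in a workflow step. Local actions
# ("./path") and "docker://" references are deliberately not matched.
USES_RE = re.compile(
    r"""^\s*-?\s*uses:\s*['"]?([A-Za-z0-9_-][A-Za-z0-9_.-]*/[A-Za-z0-9_.-]+)(/[^@'"\s]*)?@([^'"\s#]+)""",
    re.M,
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def action_refs(workflow_text):
    """Return (repo, ref, pinned_by_sha) for each external action in one workflow."""
    return [
        (m.group(1), m.group(3), bool(SHA_RE.match(m.group(3))))
        for m in USES_RE.finditer(workflow_text)
    ]


def affected_workflows(workflows, repo):
    """workflows: mapping of workflow file name -> YAML text.

    Returns {file: [ref, ...]} for the workflows that reference `repo`
    (owner/name, compared case-insensitively as GitHub does).
    """
    hits = {}
    for name, text in workflows.items():
        refs = [ref for r, ref, _ in action_refs(text) if r.lower() == repo.lower()]
        if refs:
            hits[name] = refs
    return hits


def load_workflows(repo_root):
    """Read every workflow file under .github/workflows of a local checkout."""
    d = Path(repo_root) / ".github" / "workflows"
    if not d.is_dir():
        return {}
    return {p.name: p.read_text(encoding="utf-8") for p in sorted(d.glob("*.y*ml"))}


# Constructed sample workflows (not taken from any real repository).
SAMPLE_WORKFLOWS = {
    "deploy.yml": """
name: deploy
on: push
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Deploy to Azure Functions
        uses: Azure/functions-action@v1
        with:
          app-name: example-app
""",
    "test.yml": """
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
      - run: make test
""",
}

if __name__ == "__main__":
    # Blast radius of a single disabled action across the sample workflows.
    for wf, refs in affected_workflows(SAMPLE_WORKFLOWS, "Azure/functions-action").items():
        print(f"{wf}: references Azure/functions-action at {', '.join(refs)}")
    # Full inventory, flagging tag references that are not commit-pinned.
    for wf, text in SAMPLE_WORKFLOWS.items():
        for repo, ref, pinned in action_refs(text):
            print(f"{wf}: {repo}@{ref} {'(sha-pinned)' if pinned else '(tag, mutable)'}")
```

Run it against a real checkout with `affected_workflows(load_workflows('.'), 'Azure/functions-action')`. Note that SHA pinning protects against a tag being moved to malicious code, but it does not keep a workflow running when the action's repository is disabled outright, as happened here; the inventory is what tells you which pipelines need a fallback.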

The targeting of durabletask is significant because it was the same package hit by the Miasma worm on May 19, when three malicious versions were uploaded to PyPI within a 35-minute window, planting infostealers that specifically targeted cloud secrets and developer tool configurations on Linux systems. StepSecurity's analysis suggests the contributor tokens compromised during the initial PyPI attack were never fully rotated, giving the attacker a direct path back into the GitHub repositories. Alternatively, the contributor may have been re-compromised through the worm's own propagation loop.

Miasma is a direct descendant of the Mini Shai-Hulud worm, which ZDW has tracked across multiple incidents this year. TeamPCP claimed responsibility for developing Mini Shai-Hulud, and the group's decision to open-source the worm in May has made attribution of follow-on attacks significantly harder — anyone with the source code could have launched Miasma. Two days before the Microsoft attack, the same worm compromised more than 50 npm packages, including a Vapi.ai SDK with over 408,000 monthly downloads.

The attack chain represents an evolution in supply chain worm tactics. Rather than targeting individual packages with backdoored dependencies, Miasma exploits the development environment itself — triggering execution when a repo is opened in an IDE, not when a package is installed. This means developers can be compromised simply by cloning or browsing a repository, without running any code or installing any dependency.

The Bigger Picture:

The Miasma worm's re-compromise of Azure/durabletask after the initial PyPI incident points to a systemic failure in post-incident credential rotation — one of the most basic remediation steps after a supply chain compromise. GitHub's 105-second automated response is impressive, but the worm had already propagated and broken production CI/CD pipelines before the kill switch activated. The shift from package-level to IDE-level exploitation means the attack surface now includes every tool a developer uses to view code, not just the tools used to build or deploy it. Organizations should audit whether contributor tokens were rotated after the May incidents, restrict IDE auto-execution of repository configuration files, and monitor for unexpected commits to infrastructure-critical repositories.
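The recommendation above to restrict IDE auto-execution of repository configuration files can be backed by a check run on a fresh clone before the folder is opened in an editor or agent. The script below is an added example, not code from the article or from any vendor: it reads the configuration files in a checkout that an IDE or coding agent may act on when the folder opens and reports anything that would run automatically. The VS Code `tasks.json` check uses that editor's documented `runOptions.runOn: "folderOpen"` setting; the agent settings paths and the `hooks` key are assumptions about those tools' configuration layout and should be adjusted to the tools your team actually uses. The sample files are constructed.

```python
"""Pre-open audit: report repository config that an IDE or AI coding agent
may execute automatically when a checkout is opened.

Added example, not the article's or any project's code. Run it on a clone
before opening the folder in an editor or agent.
"""
import json
import re
from pathlib import Path

# Repo-relative paths to inspect and how to interpret each one.
# ".vscode/tasks.json" uses VS Code's documented folderOpen task setting;
# the agent settings paths are assumptions about those tools' layout.
AUTORUN_CHECKS = {
    ".vscode/tasks.json": "vscode_task",
    ".claude/settings.json": "agent_hooks",
    ".claude/settings.local.json": "agent_hooks",
}


def _strip_jsonc(text):
    """tasks.json is JSON with comments; remove comments and trailing commas."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"^\s*//.*$", "", text, flags=re.M)
    text = re.sub(r",(\s*[}\]])", r"\1", text)
    return text


def findings_for(path, text):
    """Return (path, message) findings for one config file, or [] if benign."""
    kind = AUTORUN_CHECKS.get(path)
    if kind is None:
        return []
    try:
        data = json.loads(_strip_jsonc(text))
    except json.JSONDecodeError:
        # A config that cannot be parsed still deserves a manual look.
        return [(path, "unparseable config; inspect manually before opening")]
    out = []
    if kind == "vscode_task":
        for task in data.get("tasks", []):
            if task.get("runOptions", {}).get("runOn") == "folderOpen":
                out.append((path, f"task '{task.get('label', '?')}' runs on folder open: "
                                  f"{task.get('command')}"))
    elif kind == "agent_hooks":
        hooks = data.get("hooks")
        if hooks:
            out.append((path, "agent hook configuration present: " + ", ".join(sorted(hooks))))
    return out


def audit_files(files):
    """files: mapping of repo-relative path -> file text. Returns all findings."""
    results = []
    for path, text in files.items():
        results.extend(findings_for(path.replace("\\", "/"), text))
    return results


def audit_checkout(root):
    """Collect the watched files from a real checkout and audit them."""
    root = Path(root)
    files = {p: (root / p).read_text(encoding="utf-8", errors="replace")
             for p in AUTORUN_CHECKS if (root / p).is_file()}
    return audit_files(files)


# Constructed sample checkout: one auto-run task, one agent hook file, one benign file.
SAMPLE_FILES = {
    ".vscode/tasks.json": """{
  // constructed sample tasks.json
  "version": "2.0.0",
  "tasks": [
    {"label": "setup", "type": "shell", "command": "./scripts/setup.sh",
     "runOptions": {"runOn": "folderOpen"}},
    {"label": "build", "type": "shell", "command": "make"},
  ]
}""",
    ".claude/settings.json": '{"hooks": {"SessionStart": []}}',
    "README.md": "# nothing executable here",
}

if __name__ == "__main__":
    findings = audit_files(SAMPLE_FILES)
    for path, msg in findings:
        print(f"{path}: {msg}")
    print("clean" if not findings else f"{len(findings)} finding(s); review before opening")
```

Pair the check with the editor's own controls (VS Code's Workspace Trust, for instance, does not run folderOpen tasks in an untrusted folder) rather than relying on either alone, and extend `AUTORUN_CHECKS` as new tools with on-open hooks are adopted.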
