Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues
Microsoft restored some GitHub repositories on Monday following a security incident that compromised 73 of its open-source projects, allowing attackers to inject an information stealer into the code. The company stated its priority is to protect customers and the broader ecosystem.

The incident, which occurred last week, involved unauthorized access to a GitHub account used by Microsoft's developer division. This breach allowed malicious actors to modify source code in several projects, including the popular open-source AI framework `transformers` and the `azure-sdk-for-python` library. Microsoft's security team identified the compromise on April 11, 2024, and immediately initiated an investigation, dubbed 'Miasma', to understand the full scope of the breach and mitigate further risks.

While some repositories have been brought back online after thorough security reviews and code sanitization, others remain offline as the investigation continues. The company has not disclosed the exact number of repositories still affected but emphasized its commitment to transparency and security in its response.

This incident highlights the ongoing challenges in securing the open-source supply chain, a critical component for many technology companies and developers worldwide.
Original source — read the full reporting at the publisher:
Read on The Hacker News