Microsoft has restored several GitHub repositories after temporarily removing them during an ongoing investigation into a supply chain attack. The company confirmed that threat actors compromised 73 of its open-source projects to distribute an information stealer.
The incident, tracked as Miasma, targeted Microsoft's public repositories on GitHub. Attackers injected malicious code designed to harvest sensitive data from affected systems. Microsoft removed repositories as a precautionary measure to prevent further damage and halt the distribution of compromised code.
The company has since begun restoring repositories while maintaining others in an offline state pending completion of its security probe. Microsoft prioritized protecting customers and the broader open-source ecosystem when making removal decisions. The restoration process appears selective, suggesting Microsoft is verifying code integrity before bringing systems back online.
The scope of impact extends beyond Microsoft's internal operations. Open-source projects hosted on GitHub receive contributions from developers worldwide. Compromised repositories pose risks to organizations and developers who may have downloaded or integrated the malicious code into their own applications. An information stealer embedded in legitimate Microsoft projects could exfiltrate credentials, API keys, and other sensitive data from development environments.
This incident underscores the risks inherent in supply chain attacks targeting popular open-source repositories. When attackers compromise widely used code, the blast radius extends across countless downstream projects and organizations. Developers often trust established maintainers like Microsoft, making such compromises particularly effective.
Organizations that depend on Microsoft's open-source projects should verify whether they pulled code during the affected window. Code review and dependency scanning tools can help identify whether malicious packages entered development pipelines. GitHub's recent security updates include improved notification mechanisms for repository owners when suspicious activity occurs.
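One way to act on that advice, as an added Python example that is not part of the article: it parses constructed `git reflog --date=iso` and `git remote -v` captures from a local clone and flags pulls from a watched GitHub organization inside a placeholder window. The article names neither the affected dates nor the repository list, so the window and `WATCHED_ORGS` are assumptions to replace with the advisory's values.

```python
import re
from datetime import datetime, timezone

# Constructed sample of `git reflog --date=iso` from a local clone (not real data).
SAMPLE_REFLOG = """\
9fceb02 HEAD@{2024-05-02 09:15:00 +0000}: pull origin main: Fast-forward
a1b2c3d HEAD@{2024-04-20 14:30:00 +0000}: commit: local change
7d8e9f0 HEAD@{2024-04-10 08:00:00 +0000}: pull origin main: Fast-forward
1234567 HEAD@{2024-03-01 12:00:00 +0000}: clone: from https://github.com/example-org/example-repo
"""
# Constructed sample of `git remote -v` for the same clone.
SAMPLE_REMOTES = "origin\thttps://github.com/example-org/example-repo.git (fetch)\n"

# Placeholders: the article gives neither the affected window nor the repositories.
WINDOW_START = datetime(2024, 4, 1, tzinfo=timezone.utc)
WINDOW_END = datetime(2024, 4, 30, 23, 59, 59, tzinfo=timezone.utc)
WATCHED_ORGS = {"example-org"}

REFLOG_RE = re.compile(r"^(?P<sha>[0-9a-f]{7,40}) HEAD@\{(?P<ts>[^}]+)\}: (?P<action>[^:]+):")
REMOTE_RE = re.compile(r"^\S+\s+(?:https://github\.com/|git@github\.com:)(?P<org>[^/]+)/")
# Reflog actions that bring remote code into the working tree.
REMOTE_ACTIONS = {"pull", "clone", "merge", "rebase"}

def remote_github_orgs(remote_text):
    """Return the GitHub organizations this clone fetches from or pushes to."""
    return {m["org"] for m in map(REMOTE_RE.match, remote_text.splitlines()) if m}

def pulls_in_window(reflog_text, start, end):
    """Return (sha, timestamp, action) for reflog entries that fetched remote code in [start, end]."""
    hits = []
    for line in reflog_text.splitlines():
        m = REFLOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S %z")
        if m["action"].split()[0] in REMOTE_ACTIONS and start <= ts <= end:
            hits.append((m["sha"], ts, m["action"].strip()))
    return hits

def assess_clone(reflog_text, remote_text, orgs, start, end):
    """Flag a clone that tracks a watched org and pulled from it inside the window."""
    watched = bool(remote_github_orgs(remote_text) & orgs)
    pulls = pulls_in_window(reflog_text, start, end) if watched else []
    return {"watched": watched, "pulls": pulls, "review_needed": bool(pulls)}

if __name__ == "__main__":
    result = assess_clone(SAMPLE_REFLOG, SAMPLE_REMOTES, WATCHED_ORGS, WINDOW_START, WINDOW_END)
    for sha, ts, action in result["pulls"]:
        print(f"review needed: {sha} pulled at {ts.isoformat()} via '{action}'")
```

A flagged clone is a starting point for review, not proof of compromise: the commit it pulled still has to be checked against the maintainer's restored history.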
Microsoft has not disclosed the specific attack vector used to gain access to the repositories or identified the threat actors responsible. The deliberate pace of restoration suggests Microsoft is conducting thorough security reviews before restoring full functionality to its projects.
