Microsoft has restricted access to multiple GitHub repositories following a cyberattack on open-source projects. The data breach allegedly involved credential-stealing malware that targeted developers working with AI tools. This incident has renewed attention on software supply chain security amid growing threats to developer communities from cybercriminals.
Security experts found malware in various GitHub repositories owned by Microsoft. The affected projects relate to Azure, developer tools, and documentation. In response, Microsoft limited access to the affected repositories while conducting an investigation.
A spokesperson from Microsoft told TechCrunch, “As part of our investigation, we notified a small number of customers who may have pulled down content from the affected repositories. We will continue to investigate, and if anything further is identified that requires customer action, we will reach out directly through our established support channels.”
Experts revealed that at least 73 GitHub repositories were compromised in this attack. However, several repositories have already been recovered, while some others are still under review.
Experts suggest that AI-assisted development has become a prime target because of its extensive reach into codebases, cloud environments, and deployment pipelines. A compromise can thus give attackers a backdoor through which to penetrate corporate networks more widely.
The incident highlights the growing threat posed by software supply chain attacks. Instead of attacking organizations directly, threat actors increasingly compromise trusted software components that developers use every day. The malware could also use the compromised credentials to spread further throughout the repository, widening the scope of the attack.
Microsoft reportedly pulled down various repositories after discovering malicious content in them, and contacted a select few individuals who were using the compromised repositories. The incident has again highlighted the need for better practices for securing the code and credentials used in repositories.