Microsoft's open-source tools have been compromised by hackers, allowing them to inject password-stealing malware into the code. The breach affected dozens of projects hosted on GitHub, including those related to Microsoft's cloud service Azure and AI development apps. The incident highlights the vulnerability of widely used open-source projects and the potential for supply chain attacks in the tech industry.

What Happened

The hack was discovered by security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware, who flagged the compromised projects on GitHub. According to Microsoft spokesperson Ben Hope, the company temporarily removed some repositories as it investigated potential malicious content. However, it wasn't until Monday that Microsoft acknowledged the breach, stating that some of the affected projects had been restored after review, while others remained offline.

The malware used in the attack is tracked as Miasma and allows hackers to steal credentials from AWS, Azure, GCP, Kubernetes, password managers, and over 90 developer tool configurations. It also spreads laterally through cloud infrastructures to infect other developer machines. The technique used by the attackers bypasses the repository's build pipeline entirely.


Background and Context

This is not the first time Microsoft has been breached in recent months. In mid-May, security researchers said that Microsoft's open-source project Durable Task was hacked. OpenSourceMalware suggested that this latest incident may be either a "re-compromise" of the same project, which would imply that Microsoft did not fully eradicate the hackers on its first attempt, or an entirely new, distinct breach.

Microsoft has been working to improve its security measures in response to these incidents. However, the company's own GitHub platform was used by the attackers to distribute the malware. This highlights the potential for supply chain attacks, where hackers target code that is widely used in software products or by specific types of users.

Why It Matters to the Industry

The breach has significant implications for the tech industry, particularly for companies that rely on open-source projects and cloud services. The malware used in the attack can steal sensitive credentials and spread laterally through cloud infrastructures, putting developers' machines at risk.

This type of supply chain attack is becoming increasingly common, with hackers targeting widely popular open-source projects to gain access to a large number of users. As more companies move their operations to the cloud, the potential for these types of attacks will only continue to grow.

What Comes Next

Microsoft has notified a small number of customers who may have pulled down content from the affected repositories and will continue to investigate the breach. The company has also expanded its scanning service for credential exposure to include any SAS tokens that may have "overly-permissive expirations or privileges."
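The expanded scan described above looks for SAS tokens whose expiration or privileges are broader than they should be. As an added illustration of what such a check involves (this is not Microsoft's scanner and not code from the article), the Python below extracts Azure SAS URLs from a blob of text such as a committed configuration file and flags tokens that are long-lived, grant write-class permissions, allow plain HTTP, or are scoped to whole storage services. The policy thresholds, the set of permission letters treated as write-class, and the sample configuration are assumptions made for the example.

```python
# Added illustration (not Microsoft's scanner): find Azure SAS tokens in text
# such as committed config files and flag ones whose expiration or permissions
# are broader than a (hypothetical) policy allows.
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Hypothetical policy threshold: tune to your own standard.
MAX_LIFETIME = timedelta(days=7)
# SAS 'sp' letters that grant more than read/list. Assumed set, based on the
# documented account/service SAS permission letters (w, d, a, c, u, y, x, p).
WRITE_CLASS = set("wdacuyxp")

URL_RE = re.compile(r"https://[^\s\"'<>]+")


def parse_sas(url):
    """Flatten the query string of a SAS URL (or bare query string) into a dict."""
    query = urlsplit(url).query if "://" in url else url.lstrip("?")
    return {k: v[0] for k, v in parse_qs(query).items()}


def parse_sas_time(value):
    """SAS 'st'/'se' values are ISO 8601 UTC, e.g. 2025-06-02T00:00:00Z or 2025-06-02."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    parsed = datetime.fromisoformat(value)
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_sas(url, now=None):
    """Return a list of policy findings for one SAS URL; an empty list means within policy."""
    now = now or datetime.now(timezone.utc)
    p = parse_sas(url)
    if "sig" not in p or "se" not in p:
        return ["not a SAS token: missing 'sig' or 'se'"]
    findings = []
    remaining = parse_sas_time(p["se"]) - now
    if remaining > MAX_LIFETIME:
        findings.append(f"expires in {remaining.days} days; policy allows {MAX_LIFETIME.days}")
    broad = sorted(set(p.get("sp", "")) & WRITE_CLASS)
    if broad:
        findings.append("write-class permissions: " + "".join(broad))
    if "http" in p.get("spr", "").split(","):
        findings.append("token usable over plain HTTP (spr includes http)")
    if "s" in p.get("srt", ""):
        findings.append("account SAS scoped to whole services (srt includes 's')")
    return findings


def scan_text(text, now=None):
    """Find every SAS URL in a blob of text and audit each; returns [(url, findings)]."""
    results = []
    for url in URL_RE.findall(text):
        if "sig" in parse_sas(url):  # skip ordinary URLs that carry no signature
            results.append((url, audit_sas(url, now)))
    return results


# Constructed sample config; the signatures are placeholders, not real secrets.
SAMPLE_CONFIG = """\
STORAGE_URL=https://example.blob.core.windows.net/builds?sv=2022-11-02&ss=b&srt=sco&sp=rwdlac&se=2031-01-01T00:00:00Z&spr=https,http&sig=PLACEHOLDER_SIG_1
ARTIFACT_URL=https://example.blob.core.windows.net/builds/app.zip?sv=2022-11-02&sr=b&sp=r&se=2025-06-02T00:00:00Z&spr=https&sig=PLACEHOLDER_SIG_2
DOCS_URL=https://example.invalid/docs
"""

# Fixed "now" so the sample produces deterministic findings.
EXAMPLE_NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for url, findings in scan_text(SAMPLE_CONFIG, now=EXAMPLE_NOW):
        print(url.split("?")[0], "->", findings or ["ok"])
```

Run against the constructed sample, the first token is reported four times over (multi-year expiry, write-class permissions, HTTP allowed, service-level scope) while the short-lived read-only artifact link passes cleanly; the same logic can be pointed at repository history, CI variables or container images, wherever a leaked long-lived token would do the most damage.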

Lessons Learned

The incident highlights the importance of security measures in open-source projects and cloud services. Companies must be vigilant in monitoring their code repositories and take proactive steps to prevent supply chain attacks.

Key Facts

  • Dozens of Microsoft's open-source projects were compromised by hackers, allowing them to inject password-stealing malware into the code.
  • The breach affected projects related to Azure and AI development apps.
  • The malware used in the attack can steal credentials from AWS, Azure, GCP, Kubernetes, password managers, and over 90 developer tool configurations.
  • Microsoft has temporarily removed some repositories as it investigates potential malicious content.
  • The company has notified a small number of customers who may have pulled down content from the affected repositories.

As the tech industry continues to rely on open-source projects and cloud services, companies must prioritize security measures to prevent supply chain attacks. The breach highlights the potential risks and emphasizes the need for vigilance in monitoring code repositories.