Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

Ravie LakshmananJun 06, 2026Supply Chain Attack / Malware

Microsoft’s GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign.

The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs, per OpenSourceMalware. The development has GitHub to disable access to those repositories.

“Access to this repository has been disabled by GitHub Staff due to a violation of GitHub’s terms of service,” reads the message when attempting to access the “Azure/azure-functions-host” repository. “If you are the owner of the repository, you may reach out to GitHub Support for more information.”

According to OpenSourceMalware, some of the repositories impacted by the incident are listed below –

azure-search-openai-demo-purviewdatasecurity
Connectors-NET-LSP
Connectors-NET-SDK
durabletask
durabletask-dotnet
durabletask-go
durabletask-js
durabletask-mssql
functions-container-action
homebrew-functions
llm-fine-tuning
windows-driver-docs

What’s notable about the latest campaign is the re-compromise of the “durabletask” PyPI package, which was infected by TeamPCP last month to deliver an information stealer on Linux systems.

“A month later, not only is Azure/durabletask gone – so is every sibling repo in the Durable Task ecosystem, sitting one org over in Microsoft: the .NET, Go, Java, JS, MSSQL, Netherite, and protobuf implementations, plus the Durable Functions monitor,” security researcher Paul McCarty (aka 6mile) said.

“When the repo at the root of last month’s compromise is the hub of this month’s takedown, that is not a coincidence – that is the same wound reopening. Whoever held those credentials in May plausibly never fully lost them.”