English
中文
Deutsch
HomeArticle

73 repositories taken down in 105 seconds, Microsoft's official library is "poisoned" again: you may lose your passwords just by opening Claude and Cursor?

CSDN2026-06-12 16:11
Microsoft responded that some of the repositories have been restored and brought back online after review.

Overnight, a large number of official Microsoft GitHub repositories suddenly disappeared.

Last week, GitHub shut down 73 official Microsoft projects in just 105 seconds, involving Azure, Durable Task, and multiple AI development-related repositories.

Subsequently, security researchers discovered the cause: some projects were suspected of having malicious code implanted by hackers. Once developers open relevant projects through AI programming tools such as Claude Code, Gemini CLI, and Cursor, sensitive information such as account credentials and access tokens may be stolen.

73 official Microsoft repositories disappeared collectively within 105 seconds

What first caught the outside world's attention was the sudden "disappearance" of a large number of official Microsoft projects from GitHub.

Last week, OpenSourceMalware, a security website that specializes in tracking supply chain attack events, released a report stating that on June 5th, GitHub continuously shut down 73 repositories in multiple Microsoft organizations within just 105 seconds.

The projects taken offline covered a wide range, including: the entire Azure Functions organization, the Durable Task project family, multiple AI sample applications, projects related to Azure cloud services, and a series of developer tool repositories. According to researchers' statistics, there were as many as 49 Azure-related projects alone.

When users tried to access these projects, the pages uniformly displayed:

"This repository has been disabled. Due to a violation of GitHub's Terms of Service, GitHub staff has disabled access to this repository."

For any enterprise, shutting down dozens of official open-source repositories at once is very rare. Considering that GitHub itself is a platform under Microsoft, such an operation is even more abnormal.

Subsequently, Microsoft confirmed the fact that the repositories were taken offline to multiple media outlets: "We temporarily removed some repositories while investigating potential malicious content." However, Microsoft did not immediately disclose the specific reason or the scope of impact of the incident.

Attack target: Developers using AI programming tools

As more security agencies got involved in the investigation, the attack chain behind the incident gradually came to light.

StepSecurity, a security company, pointed out in its analysis report that this large-scale repository shutdown was related to a malicious commit in Microsoft's open-source project Durable Task: the attacker implanted a series of specially designed configuration files into the project. These configuration files themselves did not seem remarkable, but once developers used modern AI programming tools to load the project, they might automatically execute relevant operations.

It is reported that the affected tools include Claude Code, Gemini CLI, Cursor, and VS Code.

According to information disclosed by institutions such as StepSecurity, Cloudsmith, and OpenSourceMalware, the main purpose of the malicious configuration was not to damage the code, but to steal developers' identity credentials, such as GitHub Tokens, cloud platform access keys, API Keys, sensitive data in environment variables, and enterprise internal account authentication information.

In other words, this was not an attack on ordinary users, but a supply chain attack precisely targeting the developer group - and developers often hold a large number of high-value permissions.

You know, if a developer's account is stolen, it may mean:

  • Enterprise cloud resources are taken over;
  • The CI/CD pipeline is tampered with;
  • The internal code library is accessed;
  • Customer data is exposed;
  • More downstream software is infected.

Therefore, the danger level of such attacks is much higher than that of ordinary malware spread events.

Did TeamPCP reappear?

Subsequently, investigators pointed the finger at a hacker organization that had been frequently active in the past six months - TeamPCP.

Public information shows that TeamPCP launched a large number of supply chain attacks against the open-source ecosystem in the first half of 2026, and the number of affected organizations has reached hundreds. Its usual method is not to directly attack enterprise networks, but to implant malicious code into the development process by controlling open-source projects, dependency packages, and development tools.

In May this year, Microsoft's open-source project Durable Task was invaded, and at that time, the attacker successfully released three versions with malicious code. In the latest analysis, OpenSourceMalware put forward an intriguing judgment: this incident is very likely a "re-invasion" of the Durable Task project.

This means two possibilities:

First, Microsoft failed to completely remove the access permissions or backdoors left by the attacker after the first incident.

Second, Microsoft encountered another brand-new and independent attack.

Regardless of the answer, it shows that Microsoft's previous repair work may not have completely eliminated the risks.

Microsoft: Some users have received notifications

In the face of outside doubts, Microsoft subsequently issued a further statement:

"Protecting customers and the entire ecosystem is our top priority. While investigating potential malicious content, we temporarily took some repositories offline. After review, some of these repositories have been restored online, while others may remain offline until the investigation is completed."

Meanwhile, Microsoft spokesman Ben Hope also revealed that as part of the investigation, the company has notified a small number of customers who may have downloaded the content of the affected repositories: "If we find that customers need to take further actions later, we will directly contact relevant users through existing support channels."

However, as of now, Microsoft has not announced the specific number of affected people, and the outside world cannot confirm how many developers have downloaded the relevant projects and how many users may have exposed their sensitive credentials.

For developers who are using Claude Code, Gemini CLI, Cursor, or VS Code, security agencies suggest that they need to carefully evaluate the risks of directly running unknown repositories in AI assistants - don't completely relax your vigilance just because the project is from "Microsoft official", don't assume that every configuration executed by the AI Agent is safe, and don't ignore those seemingly ordinary configuration files and automation scripts in the local environment.

After all, in the era of AI development, the battlefield of supply chain attacks is no longer limited to the code repository itself, but is spreading to the entire AI development toolchain.

Participation links:

https://opensourcemalware.com/blog/miasma-reaches-azure?ref=404media.co

https://www.404media.co/microsoft-hacked-to-deliver-malware-to-claude-and-gemini-users/

This article is from the WeChat official account "CSDN", compiled by Zheng Liyuan, and published by 36Kr with authorization.

该文观点仅代表作者本人,36氪平台仅提供信息存储空间服务。

For media inquiries, interview requests, business collaboration and Recruit global ecological partners, please contact mohaiying@36kr.com.
Partner:startuprad.io

36kr Europe (eu.36kr.com) delivers global business and markets news, data, analysis, and video to the world, dedicated to building value and providing business service for companies’ global expansion.

© 2024 36kr.com. All rights reserved.