Microsoft: Microsoft Hacked to Deliver Malware to Claude and Gemini Users

Microsoft Shuts Down 70+ GitHub Repositories Following Malware Attack Targeting AI Coding Tools

Microsoft has taken the rare step of disabling over 70 of its own GitHub repositories, including those tied to Azure and AI coding agents, after discovering a data breach involving credential-stealing malware. According to cybersecurity researchers and a statement provided to 404 Media, attackers compromised repositories to distribute malicious code designed to harvest credentials when opened in AI-assisted development tools like Claude Code and Gemini CLI.

The breach’s full scope remains unclear, but researchers identified a specific compromised package linked to the attack. Microsoft’s response underscores the severity of the incident, as the company rarely takes such sweeping action against its own repositories.

Separately, surveillance firm SignalTrace has drawn attention for its product, which correlates Bluetooth and other device data with license plate readers to track individuals and their vehicles. The tool, marketed to law enforcement, raises privacy concerns by linking personal devices to physical locations.

The incidents highlight growing risks in both software supply chain security and commercial surveillance technologies. Microsoft’s investigation is ongoing.

Source: https://www.404media.co/microsoft-hacked-to-deliver-malware-to-claude-and-gemini-users/

Microsoft TPRM report: https://www.rankiteo.com/company/microsoft-security-response-center

"id": "mic1780986305",
"linkid": "microsoft-security-response-center",
"type": "Breach",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology, Cloud Computing, AI',
                        'location': 'Global',
                        'name': 'Microsoft',
                        'size': 'Large',
                        'type': 'Corporation'}],
 'attack_vector': 'Compromised GitHub repositories',
 'data_breach': {'file_types_exposed': 'Malicious code packages',
                 'sensitivity_of_data': 'High (credentials for AI-assisted '
                                        'development tools)',
                 'type_of_data_compromised': 'Credentials'},
 'description': 'Microsoft disabled over 70 of its own GitHub repositories, '
                'including those tied to Azure and AI coding agents, after '
                'discovering a data breach involving credential-stealing '
                'malware. Attackers compromised repositories to distribute '
                'malicious code designed to harvest credentials when opened in '
                'AI-assisted development tools like Claude Code and Gemini '
                'CLI.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage',
            'data_compromised': 'Credentials',
            'identity_theft_risk': 'High (credential theft)',
            'operational_impact': 'Disabling of over 70 repositories',
            'systems_affected': 'GitHub repositories (Azure, AI coding '
                                'agents)'},
 'initial_access_broker': {'entry_point': 'GitHub repositories',
                           'high_value_targets': 'AI coding tools (Claude '
                                                 'Code, Gemini CLI)'},
 'investigation_status': 'Ongoing',
 'motivation': 'Credential theft',
 'references': [{'source': '404 Media'}],
 'response': {'communication_strategy': 'Statement provided to 404 Media',
              'containment_measures': 'Disabling compromised repositories',
              'incident_response_plan_activated': 'Yes'},
 'title': 'Microsoft GitHub Repositories Malware Attack Targeting AI Coding '
          'Tools',
 'type': 'Data Breach, Malware Distribution'}