🤖 AI Summary
マイクロソフトが自身のリポジトリにマルウェアを配布するためにハッキングされたと報告されています。404 Mediaの記事によると、微软遭遇了自己的仓库被黑客植入恶意软件,以分发给Claude和Gemini用户
1. マイクロソフトはGitHub上の自身のリポジトリ約70を一時的に停止しました。この措置はAzureやAIコーディングツールに関連するものでした。
2. サイバーセキュリティ研究者らは、クラウド工具有りの「durabletask」リポジトリに悪意のあるコミットが送られた後、GitHubがこれらのリポジトリを一時的に停止したと報告しています。
3. その攻撃は、Claude CodeやGemini CLIなどAIコーディングツールを開くときにユーザーの資格情報を収集するための設定ファイルを植え付けるように設計されていました。
4. マイクロソフトは、「当社の優先事項は顧客と広範な生態系を保護することです。潜在的な悪意のあるコンテンツ調査中、一部のリポジトリはレビュー後に復旧されましたが、他のものについては作業が継続される場合があります」と声明を発表しました。
この事件はマイクロソフト自身のGitHubリソースに攻撃者が侵入したため、異例の事態として注目を集めています。
An anonymous reader quotes a report from 404 Media: Microsoft has shut down a wave of its own repositories on GitHub, including those related to Azure and AI coding agents, as it investigates a data breach, according to research from cybersecurity researchers and a statement given to 404 Media by Microsoft. Hackers planted malware that would harvest peoples' credentials when they opened it in AI coding tools like Claude Code or Gemini CLI, according to one set of researchers. The exact contours of the breach are unclear, but researchers say Microsoft has disabled more than 70 of its own repositories, and pointed to a particular package that was previously compromised.
Last week, cybersecurity website OpenSourceMalware.com, which acts as a clearing house for indicators of supply chain attacks so defenders can secure their own networks, and which also publishes its own write-ups, wrote about the mass disabling of Microsoft GitHub repositories. "GitHub disabled 73 Microsoft repositories across four of its GitHub organizations -- the entire Azure Functions org, the whole Durable Task family, and a row of AI sample apps -- in a 105-second sweep on June 5," the website wrote on Friday. Is it very unusual for any company, let alone Microsoft, to disable so many of its own repositories in one go. They include 49 related to Azure, Microsoft's cloud computing arm, and some concerning AI agents. The shutdown repositories also include ones related to durabletask, a Microsoft development tool.
Researchers from StepSecurity wrote on Friday that the GitHub closures came after a malicious commit was pushed to the durabletask repository. That attack planted configuration files that would harvest peoples' credentials when they opened the repository in Claude Code, Gemini CLI, Cursor, or VS Code, StepSecurity wrote. Microsoft said in a statement: "Our priority is to protect customers and the broader ecosystem. We temporarily removed some repositories as we investigated potential malicious content. Some of these repos have been restored after review, while others may remain offline while work continues. As part of our investigation, we notified a small number of customers who may have pulled down content from the affected repositories. We will continue to investigate, and if anything further is identified that requires customer action, we will reach out directly through our established support channels."
Read more of this story at Slashdot.