
Microsoft Hacked To Deliver Malware To Claude and Gemini Users

Author: BeauHD
June 10, 2026 02:00

🤖 AI Summary

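Microsoft has reportedly shut down some of its GitHub repositories and may have been distributing malware to users of AI coding tools such as Claude Code and Gemini CLI. According to security researchers' conjecture, hackers injected malicious code into a specific package and used it to find people's login credentials.

Microsoft says it shut down more than 70 of its own repositories; some were reopened after investigation, while others remain offline. GitHub reportedly disabled 73 Microsoft repositories at once in 105 seconds on May 6.

The attack took place after a malicious commit to the durabletask repository, and StepSecurity notes that it included configuration files placed to collect the login credentials of users who opened these repositories in Claude Code, Gemini CLI, Cursor, VS Code and similar tools.

Microsoft states: "Protecting customers and the broader ecosystem is our top priority. We temporarily removed some repositories where there was potentially malicious content. Some repositories have been restored after the investigation, while others may remain offline."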

An anonymous reader quotes a report from 404 Media: Microsoft has shut down a wave of its own repositories on GitHub, including those related to Azure and AI coding agents, as it investigates a data breach, according to research from cybersecurity researchers and a statement given to 404 Media by Microsoft. Hackers planted malware that would harvest people's credentials when they opened it in AI coding tools like Claude Code or Gemini CLI, according to one set of researchers. The exact contours of the breach are unclear, but researchers say Microsoft has disabled more than 70 of its own repositories, and pointed to a particular package that was previously compromised.

Last week, cybersecurity website OpenSourceMalware.com, which acts as a clearing house for indicators of supply chain attacks so defenders can secure their own networks, and which also publishes its own write-ups, wrote about the mass disabling of Microsoft GitHub repositories. "GitHub disabled 73 Microsoft repositories across four of its GitHub organizations -- the entire Azure Functions org, the whole Durable Task family, and a row of AI sample apps -- in a 105-second sweep on June 5," the website wrote on Friday. It is very unusual for any company, let alone Microsoft, to disable so many of its own repositories in one go. They include 49 related to Azure, Microsoft's cloud computing arm, and some concerning AI agents.

The shutdown repositories also include ones related to durabletask, a Microsoft development tool. Researchers from StepSecurity wrote on Friday that the GitHub closures came after a malicious commit was pushed to the durabletask repository. That attack planted configuration files that would harvest people's credentials when they opened the repository in Claude Code, Gemini CLI, Cursor, or VS Code, StepSecurity wrote.

Microsoft said in a statement: "Our priority is to protect customers and the broader ecosystem. We temporarily removed some repositories as we investigated potential malicious content. Some of these repos have been restored after review, while others may remain offline while work continues. As part of our investigation, we notified a small number of customers who may have pulled down content from the affected repositories. We will continue to investigate, and if anything further is identified that requires customer action, we will reach out directly through our established support channels."

Read more of this story at Slashdot.
