← Back to Intel Feed Snapshot (2026-07-02)

On June 5, 2026, threat actor TeamPCP deployed the Miasma worm, a self-replicating supply chain malware targeting Microsoft’s GitHub infrastructure. The attack exploited the integration of AI coding agents within VS Code to execute malicious payloads immediately upon workspace initialization, bypassing traditional dependency installation triggers. This automated execution vector enabled the disabling of 73 Microsoft-owned repositories in 105 seconds. The worm specifically targeted Azure Functions and GitHub Actions, exfiltrating GitHub tokens that exhibited extreme persistence, surviving full machine rebuilds to maintain unauthorized access to cloud automation services.

  • Incident Overview: Rapid Scale Destruction

    • Target: Microsoft's GitHub infrastructure and associated cloud automation services.
    • Impact: 73 repositories disabled in a high-velocity window of 105 seconds.
    • Primary Vector: Contaminated project folders weaponized via AI coding agent integrations in IDEs.
  • Attack Mechanics: AI-Driven Execution

    • Trigger Shift: Moved away from traditional npm install or pip install triggers to "on-open" workspace events.
    • AI Agent Weaponization: Leveraged AI coding agents within VS Code to trigger payloads automatically during project initialization.
    • Automation: High-velocity replication enabled the worm to propagate and disable repositories at machine speed.
  • Persistence & Lateral Movement: Token Hijacking

    • Credential Theft: Exfiltrated GitHub tokens to maintain persistent access to sensitive repositories.
    • Persistence Anomaly: Tokens demonstrated the ability to survive complete machine rebuilds, suggesting deep integration or cloud-side persistence.
    • Cloud Exploitation: Used hijacked tokens to target and manipulate Azure Functions and GitHub Actions pipelines.
  • Systemic Security Impact: The New AI Surface

    • Vulnerability Surface: Identified a critical gap where AI IDE plugins bypass traditional security checkpoints during workspace loading.
    • Supply Chain Shift: Demonstrated that AI-integrated development environments introduce a new, high-risk execution vector for malware.
    • CI/CD Risk: Highlighted the danger of automated cloud services (GitHub Actions) being used as force multipliers for destruction.
  • Defensive Implications & Mitigation

    • IDE Hardening: Requirement for stricter execution permissions for AI agents during the workspace initialization phase.
    • Secret Management: Urgent need for shorter token lifespans and the implementation of hardware-bound secrets to prevent persistence.
    • Monitoring: Implementation of anomaly detection for mass repository modifications or deletions within cloud-native environments.

Related posts

  1. NSFOCUS — AI Security Incident Case: Miasma Worm Attacked Microsoft GitHub
  2. Thehackernews
  3. Stepsecurity
  4. Redmondmag
  5. Safedep
  6. Labs
  7. Dataminr
  8. Dev
  9. Harpycloudsolutions
  10. Informationsecuritybuzz

LINK COPIED TO CLIPBOARD