Microsoft temporarily removed 73 repositories across its Azure, microsoft, Azure-Samples and MicrosoftDocs GitHub organizations on June 5 after concerns that they contained malicious content, briefly breaking developer workflows that depended on an Azure Functions action.
KEY FACTS
- Scope The removals affected 73 repositories and disrupted continuous integration pipelines.
- Impact Access to Azure/functions-action was disabled, causing some workflows to fail.
- Timeline Microsoft said the issue was contained in 105 seconds and later restored the repositories.
- Context Researchers linked the incident to a Miasma and Shai-Hulud supply-chain campaign.
Microsoft said the repositories were removed because of concerns about potential malicious content, and later told users in a community discussion that an internal management issue was under investigation. GitHub also displayed a notice saying the action was taken due to a violation of GitHub’s terms of service.
The immediate effect was to break projects that referenced the affected Azure Functions action, since GitHub could not resolve the repository at build time. That led to outages and confusion for some developers.
A technical analysis from Cloudsmith said the Azure environment on GitHub and the durabletask repository were compromised through Miasma, which targeted AI coding tools. The report also said the campaign moved from Red Hat’s npm packages to Microsoft’s resources on GitHub.
Microsoft later said it had notified a small number of customers who may have pulled content from the affected repositories. The company said it would continue to investigate and contact customers directly if further action is needed.
Open-source supply chain attacks continue to affect developer tools and package ecosystems, and the incident showed how quickly a repository removal can interrupt builds when it involves widely used automation components.
WHY IT MATTERS
The case highlights the operational risk of supply-chain incidents inside major code hosting platforms, where a short-lived disruption can still halt deployment pipelines. It also shows that developers may need tighter dependency controls and isolated testing when widely used packages or actions are involved.