BLOG

Miasma Blight Reaches Microsoft: 73 Repos Disabled in 105 Seconds

A TOU violation triggered repos for Microsoft and Azure to go down for investigations - signs point to Miasma

By c0a15726-c5b1-4b0d-85e6-fe15553df9e2 ·

Miasma Blight Reaches Microsoft: 73 Repos Disabled in 105 Seconds

Sometime on June 5, Microsoft's own repositories started going dark on GitHub. Visit a long list of them right now and you don't get code — you get a gray box: "This repository has been disabled. Access to this repository has been disabled by GitHub Staff due to a violation of GitHub's terms of service." GitHub doesn't hand that notice to Microsoft lightly, and it doesn't hand out seventy of them by accident.

Which repos were taken down?

This isn't a single repo, or a dozen. It's 73 repositories spread across four of Microsoft's GitHub organizationsAzure, Azure-Samples, microsoft, and MicrosoftDocs — and they all went down inside the same 105-second window: every timestamp falls between 16:00:50 and 16:02:35 UTC on June 5, all flagged tos. That is not a human clicking through repos. That is GitHub's automated abuse machinery flipping the lights off across four orgs at once.

The Azure org took the brunt — 49 repos, essentially everything the Functions team ships:

  • The runtime itselfazure-functions-host, azure-webjobs-sdk, azure-webjobs-sdk-extensions, azure-functions-language-worker-protobuf.

  • Every language worker — Node.js, Python, Java, PowerShell, .NET, and Go workers, plus their client libraries and OpenTelemetry packages.

  • Tooling and distributionazure-functions-core-tools, azure-functions-docker, homebrew-functions (the Homebrew tap), azure-functions-templates, azure-functions-extension-bundles, azure-functions-tooling-feed.

  • Both deploy actionsfunctions-action and functions-container-action.

  • The whole extension/binding family — Kafka, RabbitMQ, SQL, OpenAI, MCP, connectors, and the durable extensions.

  • The AI/agent lineazure-functions-agents-runtime, azure-functions-skills, azure-functions-openai-extension.

  • Logic Apps connector SDKs — the .NET, language-server, Node.js, and Python connector SDKs.

But the part that should make you sit up is what happened outside the Azure org. In the `microsoft` org, the entire Durable Task family went dark in the same window — durabletask-dotnet, durabletask-go, durabletask-java, durabletask-js, durabletask-mssql, durabletask-netherite, durabletask-protobuf, and DurableFunctionsMonitor — right alongside Azure/durabletask itself. The package that was recompromised (more on that below) is sitting at the center of the single biggest cluster in this incident.

`Azure-Samples` lost 13 repos, heavily weighted toward AI and agents: azure-search-openai-demo-purviewdatasecurity, rag-postgres-openai-python, azure-container-apps-multi-agent-workflow, both openai-chat-app-entra-auth-* demos, llm-fine-tuning, and the functions-connectors-* samples. A few outliers round it out — microsoft/Microsoft-Performance-Tools-Apple, microsoft/secure-azureai-agent, Azure/sonic-gnmi.msft (SONiC networking), Azure/checkaccess-v2-go-sdk, and even MicrosoftDocs/windows-driver-docs — which tells you the enforcement was scoped by org and ownership, not surgically to one compromised team. The full list is at the bottom of this post.

Most of those are inconvenient. One is a fire. functions-action isn't a library you can pin around — it's the action that runs inside other people's pipelines. When GitHub disabled it (and functions-container-action alongside it), every workflow on Earth that references Azure/functions-action@v1 stopped resolving.

Big thanks to Graham Gold for collecting the repos for me. Cheers!

durabletask seems to be compromised again

If durabletask sounds familiar, it should. This is a re-compromise. On May 19, three malicious versions (1.4.1, 1.4.2, 1.4.3) of the durabletask PyPI package — Microsoft's official Azure Durable Task SDK, pulling roughly 417,000 downloads a month — were pushed straight to PyPI inside a 35-minute window, with no matching tags, releases, or CI runs in the GitHub repo. Wiz, Endor Labs, and StepSecurity all traced it back to stolen GitHub Actions secrets and tied it to TeamPCP. The packages were yanked within hours.

A month later, not only is Azure/durabletask gone — so is every sibling repo in the Durable Task ecosystem, sitting one org over in microsoft: the .NET, Go, Java, JS, MSSQL, Netherite, and protobuf implementations, plus the Durable Functions monitor. When the repo at the root of last month's compromise is the hub of this month's takedown, that is not a coincidence — that is the same wound reopening. Whoever held those credentials in May plausibly never fully lost them.

The CI fallout from shutting down repos

Developers noticed before Microsoft said anything. A Microsoft Learn thread opened June 5 puts it plainly: "The repository https://github.com/Azure/functions-action is currently disabled, preventing any github actions that use `Azure/functions-action@v1` from working." Ten-plus engineers piled in with the same broken builds.

This is the mutable-tag tax. @v1 floats — whatever GitHub serves for that tag is what runs in your pipeline — so when the source disappears, so does your deploy. A pinned commit SHA would at least fail loudly and predictably; a floating tag just evaporates.

Microsoft's response did not inspire confidence. A staffer first guessed the repo was pulled for "GitHub policy violations (malware, phishing, copyright infringement, abuse, or export-control violations)," then revised twelve minutes later: "The Azure/functions-action GitHub repository is disabled due to an internal management issue. As this issue is currently under investigation, alternative deployment methods are recommended during this period such as Azure CLI, Azure DevOps Pipelines, VS Code deployment, Zip Deploy, or Azure Pipelines instead of GitHub Actions." An "internal management issue" is a strange way to describe a banner that says terms of service violation — and a stranger reason to tell customers to abandon GitHub Actions.

Can we connect this to other recent events?

In May, TeamPCP open-sourced the Mini Shai-Hulud toolkit — turning a tier-one supply chain weapon into something any motivated copycat can run. On June 1, Aikido and OX Security disclosed the first big result: Miasma, a rebrand of Mini Shai-Hulud that infected 32 packages across the @redhat-cloud-services npm namespace. The detail that matters here is what the variant added: dedicated Azure and GCP credential collectors. Earlier Shai-Hulud strains went after AWS and GitHub; this one reaches for Azure CLI auth caches and managed-identity tokens.

It also propagates in a way that fits a four-org takedown: the worm creates public GitHub repositories (described "Miasma: The Spreading Blight") and commits harvested secrets as JSON into the victim's own account. That kind of mass attacker-created-repo activity is what trips GitHub's automated terms-of-service enforcement, and an automated trip is consistent with a 105-second sweep across Azure, microsoft, and Azure-Samples. None of that confirms anything — but a credential-harvesting worm that just added Azure collectors is a reasonable thing to have in mind while this plays out.

And the limits of the theory: the worm's confirmed June 1 hit was Red Hat's npm packages, not Azure — connecting it to this June 5 sweep is circumstantial until someone gets inside those repos. But it is the worm we warned would keep mutating, now carrying Azure collectors, and Azure is where the lights just went out.

Whatever this is, its big enough to make Microsoft break builds globally

This might not be a worm, but regardless of what it is, it scared Microsoft enough to get them to disable 73 important repos. This response broke continuous integration pipelines globally for anyone using any of these GitHub Actions. That is the takeaway here: This is a big freaking deal.

What to do right now

  1. Stop floating your Azure actions. Pin Azure/functions-action and friends to a full commit SHA, not @v1. When mutable tags vanish, pinned SHAs at least fail predictably.

  2. Rotate anything an Azure-aware stealer would want. Azure CLI tokens and managed-identity credentials, GitHub Actions OIDC, plus any npm and PyPI publish tokens reachable from your workflows.

  3. Hunt your own org. Search for unexplained public repos, especially anything described "Miasma: The Spreading Blight," and for secrets committed as JSON to accounts that shouldn't be holding them.

  4. Check install hooks. Look for preinstall scripts invoking Bun against an obfuscated _index.js loader — Miasma's execution signature.

  5. Deploy another way for now. Until functions-action is restored, Microsoft's own advice stands: Azure CLI, Azure DevOps, or Zip Deploy.

Appendix: disabled repositories

All 73 of the following were flagged tos with disabled_at timestamps between 16:00:50 and 16:02:35 UTC on June 5, 2026. Snapshot as of publication; the list may still be growing.

`Azure` (49)

azure-functions-agents-runtime          azure-functions-connector-extension
azure-functions-core-tools              azure-functions-docker
azure-functions-dotnet-extensions       azure-functions-dotnet-worker
azure-functions-durable-extension       azure-functions-durable-js
azure-functions-durable-powershell      azure-functions-durable-python
azure-functions-extension-bundles       azure-functions-golang-worker
azure-functions-host                    azure-functions-java-library
azure-functions-java-worker             azure-functions-kafka-extension
azure-functions-language-worker-protobuf azure-functions-mcp-extension
azure-functions-nodejs-e2e-tests        azure-functions-nodejs-library
azure-functions-nodejs-opentelemetry    azure-functions-nodejs-worker
azure-functions-openai-extension        azure-functions-powershell-library
azure-functions-powershell-opentelemetry azure-functions-powershell-worker
azure-functions-python-extensions       azure-functions-python-library
azure-functions-python-worker           azure-functions-rabbitmq-extension
azure-functions-skills                  azure-functions-sql-extension
azure-functions-templates               azure-functions-tooling-feed
azure-functions-vs-build-sdk            azure-webjobs-sdk
azure-webjobs-sdk-extensions            azure-websites-security
checkaccess-v2-go-sdk                   Connectors-NET-LSP
Connectors-NET-Samples                  Connectors-NET-SDK
Connectors-NodeJS-SDK                   connectors-python-sdk
durabletask                             functions-action
functions-container-action              homebrew-functions
sonic-gnmi.msft

`microsoft` (10)

DurableFunctionsMonitor    durabletask-dotnet     durabletask-go
durabletask-java           durabletask-js         durabletask-mssql
durabletask-netherite      durabletask-protobuf
Microsoft-Performance-Tools-Apple                 secure-azureai-agent

`Azure-Samples` (13)

azure-ai-content-understanding-python   azure-container-apps-multi-agent-workflow
azure-container-apps-sandboxes          azure-functions-java-flex-consumption-azd
azure-functions-nodejs-opentelemetry-samples
azure-search-openai-demo-purviewdatasecurity
functions-connectors-python             functions-connectors-typescript
llm-fine-tuning                         openai-chat-app-entra-auth-builtin
openai-chat-app-entra-auth-local        rag-postgres-openai-python
tutor

`MicrosoftDocs` (1)

windows-driver-docs