GitHub disables Microsoft repos pushing password-stealing malware
Summary
GitHub has disabled 73 Microsoft repositories on its platform, which were being used to distribute malware that steals user credentials. The compromised repositories were integrated into continuous integration pipelines and used to deliver malicious payloads.
IFF Assessment
FOE
The discovery of credential-stealing malware inside legitimate Microsoft repositories is a direct threat to users and systems: it indicates that the repositories were successfully compromised and that harvested credentials are at risk of exfiltration.
Defender Context
This incident highlights the risks of supply chain attacks and the importance of scrutinizing code and integrations, even those from trusted vendors. Defenders should be vigilant about the security of their CI/CD pipelines and implement robust code scanning and validation processes.