Supply Chain Attacks on Linux Distributions


Supply chain attacks have become a prominent topic in recent years. Rather than attacking their primary target directly, attackers infiltrate less secure assets, such as software dependencies, firmware, or service providers, to introduce malicious code.

More recently, in March 2024, an attacker operating under the name "Jia Tan" carried out a supply chain attack on several Linux distributions by compromising an important upstream dependency, XZ Utils. The resources needed to perform such an attack are substantial: it required roughly three years of real and credible development work to become a maintainer of a component the target depends on, with a high risk of detection throughout. One example of the kind of hardening that raises the bar for this class of attack is the recent addition of package attestations to PyPI, designed and funded by the Sovereign Tech Agency and the Google Open Source Security Team, and implemented by Trail of Bits.
