The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind
The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.
Independent security reporter Brian Krebs writes that he could find “zero trace” of Jia Tan’s email address outside of the messages he sent to fellow open source contributors, even after scouring breached databases. The lack of any other online presence linked to Jia Tan points towards the account being a “single-purpose invented persona” and indicates how much sophistication, patience, and thought was put into developing the backdoor, says Will Thomas, an instructor at the SANS Institute, a cybersecurity training firm. In total, Jia Tan made 6,000 code changes to at least seven projects between 2021 and February of this year, according to Michael Scott, the co-founder of the cybersecurity firm NetRise who previously worked in the Marine Corps cyberwarfare group under US Cyber Command.
Or read this on Wired