XZ Utils Attack: A Threat Actor Spent 2 Years to Implement Linux Backdoor
Read about a supply chain attack that involves XZ Utils, a data compressor widely used in Linux systems, and learn how to protect against this threat.
A threat actor quietly spent the last two years integrating themself into the core team of maintainers of XZ Utils, a free software command-line data compressor widely used in Linux systems. Martin Zugec, technical solutions director at Bitdefender, said in a statement provided to TechRepublic that “this appears to be a meticulously planned, multi-year attack, possibly backed by a state actor.” In the XZ Utils case, it is very different because the threat actor carefully managed to gain the trust of legitimate developers and become one of the maintainers of the tool, allowing him to slowly push different vulnerable parts of code into the software without being noticed.