A Microsoft engineer discovered that the open source compression program XZ Utils had been sabotaged by one of its own maintainers, potentially opening a backdoor into millions of servers. The maintainer, believed to be a pseudonym for an expert hacker or group, introduced a nearly invisible backdoor into XZ. The near miss has raised concerns about the security of open source software and the need to protect it from well-resourced intelligence services. Government officials and cybersecurity agencies are discussing how to better protect open source code, with calls for tech companies to contribute resources to the open source ecosystem.
Security experts are investigating the identity of "Jia Tan," the coder responsible for the XZ Utils Linux backdoor, suspecting that they did not act alone given the backdoor's sophisticated design and multi-year plan. Research into Tan's commit history found that the commit timestamps were set to China's time zone (UTC+8), yet some commits landed on major Chinese holidays, which raises questions about whether that time zone was genuine and about Tan's potential connections and motives.
The discovery of a backdoor in the XZ Utils compression utility has revealed a sophisticated software supply chain attack orchestrated by a mysterious figure known as Jia Tan. This individual, suspected to be a state-sponsored hacker or group, spent years building credibility in the open source community before inserting the backdoor. Despite efforts to remain anonymous, clues such as time zone discrepancies and technical hallmarks point to potential ties to Russia's APT29 hacking group. The incident underscores the growing threat of supply chain attacks and the need for heightened vigilance in open source software development.
Binarly has released a free online scanner that detects Linux executables affected by the XZ Utils supply chain attack, CVE-2024-3094. The backdoor, first spotted by a Microsoft engineer, was introduced in XZ Utils 5.6.0 and carried over into 5.6.1, reaching a handful of Linux distributions' development branches. Rather than matching byte signatures, the scanner uses static analysis to spot tampering with GNU Indirect Function (IFUNC) resolver transitions, the hooking mechanism the backdoor relies on to redirect calls inside sshd, so it can also flag similar implants in other projects. Checks are free and unlimited through the web interface, and a free API is offered for bulk scans.
Malicious code was discovered in the widely used XZ Utils library for Linux systems, giving an attacker who holds the matching private key remote code execution on hosts running an affected sshd, bypassing SSH authentication entirely. The backdoor was introduced by a project maintainer named Jia Tan, who built credibility over roughly two years before adding the malicious code to the XZ Utils release. The sophisticated supply chain attack highlights the risks inherent in open source dependencies and the need for organizations to adopt tools and processes that can identify tampering and malicious features in their development pipeline.
A backdoor was discovered in xz Utils, a widely used data compression utility in Linux and Unix-like systems, allowing unauthorized access with root privileges through SSH. The backdoor was nearly merged into major Linux distributions, and its creator, Jia Tan, has a mysterious online presence. The attack involved years of planning and manipulation of open-source projects, and the malicious code was designed to be stealthy and targeted specific system configurations. Multiple researchers have analyzed the backdoor's components, and the incident serves as a cautionary tale for the security of open-source software supply chains.
The widely used file compression software "xz utils" has been found to contain a cleverly embedded backdoor that lets an attacker hijack SSH login connections. The backdoor was present in versions 5.6.0 and 5.6.1, added by a GitHub user named "Jia Tan." The malicious code made its way into several Linux distributions and third-party package managers, posing a significant security risk to internet-exposed machines. The discovery has raised concerns about the security of open source software and about malicious code being injected at build time: the payload was hidden in the release tarball's build scripts and test files rather than in the visible source, so it only materialized when the package was compiled.
Red Hat issued an urgent security alert after a backdoor was found in XZ Utils versions 5.6.0 and 5.6.1, impacting major Linux distributions. The malicious code, rated at the maximum CVSS score of 10.0, allows unauthorized remote access by hooking into the sshd daemon process. The compromised packages are present in Fedora 41 and Fedora Rawhide, and users are advised to downgrade to a safe version. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has likewise advised users to downgrade XZ Utils to an uncompromised version.
Red Hat issued an urgent security alert warning of malicious code embedded in certain versions of XZ Utils, impacting certain Fedora Linux distribution versions and potentially allowing unauthorized access to systems. The affected versions are 5.6.0 and 5.6.1, present in Fedora 41 and Fedora Rawhide. Red Hat advised users to stop using Fedora Rawhide instances and downgrade to a safe version. No versions of Red Hat Enterprise Linux are affected, but other distributions like Debian unstable may also be impacted. CISA recommended downgrading XZ Utils to a safe version and hunting for any malicious activity.
Malicious code was discovered in the widely used xz Utils compression tool, affecting versions 5.6.0 and 5.6.1, which made its way into the development and beta releases of major Linux distributions, including Fedora Rawhide and Debian unstable. The backdoor was designed to subvert SSH authentication, potentially allowing unauthorized access to systems. While the malicious versions were caught before reaching stable production releases, users are advised to check with their distributors to determine whether their systems are affected.
A backdoor vulnerability (CVE-2024-3094) has been found in XZ Utils, the XZ format compression utilities included in many Linux distributions, allowing unauthorized access to the entire system remotely. The malicious code was discovered in versions 5.6.0 and 5.6.1 of the xz libraries, affecting various Linux distros. Red Hat, SUSE, and Debian have released fixes, while CISA has advised downgrading to uncompromised versions and monitoring for malicious activity. Kali Linux users are urged to apply the latest updates to address the issue.
Red Hat has warned users to stop using systems running Fedora development and experimental versions due to a backdoor found in the latest XZ Utils data compression tools and libraries. The backdoor, present in XZ versions 5.6.0 and 5.6.1, could potentially enable unauthorized access to systems running affected versions. Red Hat has reverted to 5.4.x versions of XZ in Fedora 40 beta and is tracking the issue as CVE-2024-3094 with a critical severity score. Users are advised to downgrade to an uncompromised XZ version and to monitor their systems for any malicious activity.
CISA and the open source community are addressing reports of malicious code found in XZ Utils versions 5.6.0 and 5.6.1, potentially allowing unauthorized access to affected systems. Users are advised to downgrade to a secure version, such as XZ Utils 5.4.6 Stable, and to report any suspicious activity to CISA.
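The advisories above all reduce to the same two questions for an administrator: is a backdoored release (5.6.0 or 5.6.1) installed, and does the host's sshd actually load liblzma, which is the path by which the implant reaches the SSH daemon. The POSIX sh script below is an added example written for this page; it is not a tool from Red Hat, CISA, Binarly, or the XZ project. It assumes the vulnerable releases are exactly 5.6.0 and 5.6.1, that `xz --version` prints a first line of the form "xz (XZ Utils) 5.6.1", and that `ldd` on the sshd binary is a good enough proxy for whether liblzma is loaded into sshd (on the affected distributions that happens through libsystemd). The helper and function names are the author's own choices.

```sh
#!/bin/sh
# Added example (not from any of the articles above or from an official distro tool):
# a small POSIX sh triage check for CVE-2024-3094 exposure conditions.
# Assumptions: the backdoored releases are exactly 5.6.0 and 5.6.1, and the
# implant only reaches sshd when sshd pulls liblzma in at load time.

# is_backdoored_xz VERSION: succeed (exit 0) if VERSION is a backdoored release.
is_backdoored_xz() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# xz_version_from_banner BANNER: pull the version number out of the first line
# printed by `xz --version`, e.g. "xz (XZ Utils) 5.6.1" -> "5.6.1".
xz_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p'
}

# classify VERSION SSHD_LINKS_LIBLZMA: combine both conditions into one verdict.
# SSHD_LINKS_LIBLZMA is the string "yes" or "no".
classify() {
    if is_backdoored_xz "$1"; then
        if [ "$2" = "yes" ]; then
            echo "CRITICAL: backdoored xz $1 and sshd loads liblzma"
        else
            echo "WARNING: backdoored xz $1 installed; sshd does not load liblzma"
        fi
    else
        echo "OK: xz $1 is not a known backdoored release"
    fi
}

# sshd_links_liblzma: print "yes" if the installed sshd binary links liblzma
# (directly or through another library such as libsystemd), else "no".
sshd_links_liblzma() {
    sshd_bin=$(command -v sshd 2>/dev/null) || sshd_bin=/usr/sbin/sshd
    if [ -x "$sshd_bin" ] && ldd "$sshd_bin" 2>/dev/null | grep -q liblzma; then
        echo yes
    else
        echo no
    fi
}

# check_system: run the check against the live host.
check_system() {
    banner=$(xz --version 2>/dev/null | head -n 1)
    if [ -z "$banner" ]; then
        echo "xz not found on PATH"
        return 2
    fi
    classify "$(xz_version_from_banner "$banner")" "$(sshd_links_liblzma)"
}

# Only inspect the live system when invoked as:  sh check_xz.sh --run
if [ "${1:-}" = "--run" ]; then
    check_system
fi
```

A "WARNING" verdict still calls for a downgrade to 5.4.6: the implant is present in liblzma regardless of whether sshd happens to load it, and the `ldd` check does not cover binaries that dlopen liblzma at runtime. A "CRITICAL" verdict on an internet-facing host should be treated as a potential compromise and followed by the malicious-activity hunting the advisories recommend, not just a package downgrade.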