A senior researcher at GitHub Security Lab confirmed that North Korean hackers spent weeks preparing their attack on XZ Utils, a widely used open source compression library. The hackers gained access to the project through a compromised developer account, which allowed them to insert malicious code into software updates distributed globally. The breach affected versions 5.6.0 and 5.6.1 of XZ Utils, which are integrated into many Linux distributions and other software systems. According to the researcher’s timeline, the compromised updates were pushed on March 26 and 29. The hackers’ goal appears to have been planting a backdoor for future exploitation rather than causing immediate disruption.

The incident has prompted urgent warnings from cybersecurity agencies worldwide. The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on April 5 urging organizations to revert to previous versions of XZ Utils and scan their systems for signs of compromise.

The compromised developer, identified as Jia Tan, had been contributing to XZ Utils since 2021 and was added as a maintainer in January 2024. Security teams are investigating how Tan’s account was breached; early evidence suggests social engineering or credential theft. The attack highlights the risk of supply chain compromises in open source software, where a single compromised developer can affect millions of users. Companies like Red Hat and Debian have already issued patches and mitigation steps for their users.
Source: techcrunch.com