XZ Opensource Supply Chain Threat Intelligence Briefing

On March the 29th a Microsoft engineer accidentally discovered a backdoor that had been intentionally added to the XZ Utils software project, an open-source data compression utility that is used in almost all Linux distributions. The backdoor had been deliberately planted by a developer in the project. This developer had joined the project two years earlier and, over the course of those two years, earned the trust of the project maintainer by contributing bug fixes and code improvements to the project. Leveraging this trust, and having been given the ability to directly approve code changes to the project, the developer inserted the backdoor in February of this year.

Introduction


XZ Opensource Supply Chain Threat Intelligence Brief, April 2024
