Hackers affiliated with China, Russia, and North Korea are inserting backdoors into widely used open-source software, threatening the security of sensitive data held by multiple organizations and governments. Research by Strider Technologies revealed that developers connected to these countries contributed to critical code bases. Open-source projects have historically relied on community-driven updates on the assumption of contributor goodwill, an assumption contradicted by attempts to implant malicious code, notably when a contributor named Jia Tan tried to embed a backdoor in XZ Utils. A significant portion of contributors to projects like openvino-genai are also linked to national security risks, raising alarms about potential espionage.
Chinese, Russian and North Korean-affiliated hackers are covertly working to insert backdoor hijacks and exploits into major publicly available software used by countless organizations, developers and governments around the world.
The malicious insertions into these open-source tools could allow hackers to pilfer troves of sensitive data from governments and private sector firms.
More than 20% of the people who have contributed to openvino-genai have connections or work relationships that are considered national security risks.
One contributor, "as-suvorov," used to work for MFI Soft, a software company that the U.S. has sanctioned for its association with hardware and software development used for Russian intelligence collection.