XZ backdoor story – Initial analysis

On March 29, 2024, a backdoor in XZ, a Linux compression utility, was disclosed on the Openwall OSS-security mailing list. The backdoor, apparently aimed at giving its operators remote code execution on OpenSSH servers, was a multi-stage operation that came close to compromising SSH servers worldwide. The attack involved modifying the project's build infrastructure to smuggle malicious components into Linux distribution repositories, so that major vendors unknowingly shipped the compromised software. The complexity of the backdoor's implementation and its stealth made it hard to detect. Kaspersky identified the attack and provides indicators of compromise related to the backdoor. Part I of the XZ backdoor series ends here, with further analysis of the backdoor's internals promised in later parts.

https://securelist.com/xz-backdoor-story-part-1/112354/