xz is the compromised package, but it in turn compromises ssh authentication
In turn it compromises ssh authentication allows remote code execution via system(); if the connecting SSH certificate contains the backdoor key. No user account required. Nothing logged anywhere you'd expect. Full root code execution.
It's pretty clear this is a state actor, targeting a dependency of one of the most widely used system control software on Linux systems. There are likely tens or hundreds of other actors doing the exact same thing. This one was detected purely by chance, as it wasn't even in the code for ssh.
If people ever wonder how cyber warfare could potentially cause a massive blackout and communications system interruption - this is how.
What is the name of the software that is affected??
Hard to tell from first glance but my guess would be this is fallout from the ongoing
xz
drama. Here: https://www.openwall.com/lists/oss-security/2024/03/29/4Also: https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/
xz is the compromised package, but it in turn compromises ssh authentication
In turn it
compromises ssh authenticationallows remote code execution via system(); if the connecting SSH certificate contains the backdoor key. No user account required. Nothing logged anywhere you'd expect. Full root code execution.There is also a killswitch hard-coded into it, so it doesn't affect machines of whatever state actor developed it.
It's pretty clear this is a state actor, targeting a dependency of one of the most widely used system control software on Linux systems. There are likely tens or hundreds of other actors doing the exact same thing. This one was detected purely by chance, as it wasn't even in the code for ssh.
If people ever wonder how cyber warfare could potentially cause a massive blackout and communications system interruption - this is how.
You mean thousands?
That was supposed to be or, not of.
Microsoft Edge.