Last week, Andres Freund, a developer working at Microsoft, found a sophisticated backdoor in xz-utils, a popular compression library. The backdoor was not only sophisticated from a technical point of view, but the threat actor had clearly prepared extensively, using social engineering to sneak the code into xz-utils and convince some Linux distributions to consider including it.

In this Wait Just an Infosec episode, our guest host Dr. Johannes Ullrich is joined by SANS Internet Storm Center Handler Bojan Zdrnja who will discuss what he learned through reverse engineering the backdoor. He will cover how the backdoor was hidden and what techniques the threat actor used to discourage reverse engineering. We will close by discussing the social engineering tactics observed and the implications for the open-source supply chain at large.

Read more about this vulnerability in the ICS Diary:
isc.sans.edu/diary/The%20amazingly%20scary%20xz%20sshd%20backdoor/30802