CISA Warns of Backdoor Threat in Open-Source Linux Tool

The Cybersecurity and Infrastructure Security Agency has urged software developers and users to downgrade the XZ Utils open-source Linux file compression and transfer capability to older versions, warning that the tool’s updates include a malicious code that provides hackers a backdoor to bypass Secure Shell authentication and access affected systems.

A malicious actor with suspected ties to a nation-state cyber collective planted the self-installation script in a Feb. 23 tool update, enabling the vulnerability to be automatically installed into production versions of Ubuntu, a Linux distribution that major companies used in IT stacks, Nextgov/FCW reported. 

GitHub has already disabled the repository containing the exploit and begun assessing how the code was integrated into Linux offerings. According to an Ubuntu maintainer, the malicious actor is a user who contributed to the XZ Utils build for two years. 

In an alert issued on Friday, CISA advised developers and users to monitor and detect any malicious activity and report positive findings to the agency.

A Politico report indicated that the FBI and the National Security Agency will likely investigate the cyber incident.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now