A Microsoft employee who decided to investigate after he noticed some software acting strangely has been credited with preventing a major cybersecurity breach that could have impacted millions of servers.
Andres Freund, a German software developer, was using the open source XZ Utils software program when he noticed that secure shell (SSH) logins were failing and using a lot of CPU power, he said on X last month. He then noticed slower logins as well.
XZ was maintained by Lasse Collin, who seemed to be struggling with poor mental health and confirmed a partnership with an entity named Jia Tan in 2022 and 2023, according to Reuters. However, Tan is believed to have created a possible space for exploits, or a ‘backdoor’, in XZ that could have hit, on a widespread basis, all those using the latest version of the program, per the outlet.

It is not yet confirmed whether the cyber-attack was backed by a nation-state or non-state actors, as officials are still studying the incident.
The discovery won Freund praise from his employer, as well as the tech community at large.
“Love seeing how @AndresFreundTec, with his curiosity and craftsmanship, was able to help us all. Security is a team sport, and this is the culture we need everywhere,” posted Microsoft chief Satya Nadella on X on April 1.
The breach has made more people wary of the risks of accessible, open source software that is not controlled or maintained by a centralised authority.
Freund, however, noted on X this month that even some “large and crucial projects” could have been similarly targeted by malicious actors making changes to the service.
(With insights from Reuters)