APT trends report Q2 2024

For over six years now, Kaspersky’s Global Research and Analysis Team (GReAT) has been sharing quarterly updates on advanced persistent threats (APTs). These summaries draw on our threat intelligence research, offering a representative overview of what we’ve published and discussed in more detail in our private APT reports. They’re designed to highlight the key events and findings that we think people should know about.


In this latest installment, we focus on activities that we observed during Q2 2024.


Readers who would like to learn more about our intelligence reports or request more information about a specific report are encouraged to contact [email protected].


Most notable findings


In March, a backdoor was discovered in XZ, a compression utility integrated into many popular distributions of Linux. The backdoored library liblzma is used by the OpenSSH server process sshd. OpenSSH is patched to use systemd features on a number of systemd-based distributions, including Ubuntu, Debian and RedHat/Fedora Linux, and therefore depends on this library (Arch Linux and Gentoo are not affected). The code was inserted in February and March 2024, mostly by Jia Cheong Tan – probably a fictitious identity. The likely goal of the attack was to introduce exclusive remote code execution capabilities into the sshd process by targeting the XZ build process, and then to push the backdoored code to major Linux distributions as a part of a large-scale supply-chain attack. The attackers used social engineering to gain prolonged access to the source/development environment, and extended that access by faking human interactions in plain sight to build credibility for introducing the malicious code.
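The exposure condition described above (sshd linking libsystemd, which pulls in liblzma) can be checked per host from `ldd` output. The script below is an added example, not part of the Kaspersky report; the sample `ldd` listings and their load addresses are constructed, and the output labels are my own.

```shell
#!/bin/sh
# Added example (not from the report): classify a host's sshd dependency chain
# from `ldd` output. Distributions that patch OpenSSH for systemd link sshd
# against libsystemd, which in turn loads liblzma; builds without that patch
# (the report names Arch Linux and Gentoo) do not load liblzma into sshd.

# Reads ldd output on stdin and prints one of:
#   EXPOSED <path>   libsystemd and liblzma both linked (systemd-patched sshd)
#   LZMA_ONLY <path> liblzma linked without libsystemd (unusual; inspect by hand)
#   CLEAN            neither library is linked into sshd
classify_sshd_deps() {
    has_systemd=0; lzma_path=""
    while IFS= read -r line; do
        case "$line" in
            *libsystemd.so*) has_systemd=1 ;;
            *liblzma.so*)
                # ldd line format: "<soname> => <path> (<addr>)"; field 3 is the path
                set -- $line
                lzma_path=$3 ;;
        esac
    done
    if [ -n "$lzma_path" ] && [ "$has_systemd" -eq 1 ]; then
        echo "EXPOSED $lzma_path"
    elif [ -n "$lzma_path" ]; then
        echo "LZMA_ONLY $lzma_path"
    else
        echo "CLEAN"
    fi
}

# Constructed sample ldd outputs for a systemd-patched and an unpatched sshd.
# On a real host run:  ldd "$(command -v sshd)" | classify_sshd_deps
SAMPLE_PATCHED='linux-vdso.so.1 (0x00007ffd8c3f0000)
    libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f1e8a000000)
    liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f1e89fd0000)
    libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f1e89a00000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1e89800000)'
SAMPLE_UNPATCHED='linux-vdso.so.1 (0x00007ffd8c3f0000)
    libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x00007f1e89a00000)
    libc.so.6 => /usr/lib/libc.so.6 (0x00007f1e89800000)'

printf '%s\n' "$SAMPLE_PATCHED" | classify_sshd_deps
printf '%s\n' "$SAMPLE_UNPATCHED" | classify_sshd_deps
```

An EXPOSED result only says the host's sshd would load liblzma; whether the loaded library is the backdoored build still has to be verified against the distribution's package advisories.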

There are two levels at which the backdoor in the liblzma library was introduced. The sour ..
