XZ Trojan highlights software supply chain risk posed by 'sock puppets'
Malware Analysis, News and Indicators - Latest topics malware.news
The high-profile compromise of the XZ Utils open-source compression library, disclosed last week, highlights an under-reported threat: social engineering attacks that target open-source package maintainers and other developers to stage software supply chain attacks.
The coordinated social engineering campaign targeting XZ Utils' longtime maintainer, Lasse Collin, featured several presumably phony “sock puppet” developer accounts that carried out a pressure campaign aimed at getting Collin to allow code contributions from Jia Tan (JiaT75), a developer account that had become an …