Lying in Wait: New Strider Report Finds High-Risk Contributors Connected to Adversarial Nation-States in Open Source Software Ecosystems

Strider's report—Lying in Wait: Understanding the Contributors Behind Open Source Code—details how OSS platforms are increasingly weaponized by advanced persistent threat (APT) groups at the contributor level. Through subtle code contributions, the insertion of backdoors, and the exploitation of trusted software components, these actors can embed threats into software pipelines used by corporations, developers, and governments alike.
SALT LAKE CITY

"Open source software platforms are the backbone of today's digital infrastructure, yet in many cases it's unclear even who is submitting the code," "In turn, nation-states like China and Russia are exploiting this visibility gap. Individuals are lying in wait, building credibility in the ecosystem with the power to introduce malicious code with devastating downstream effects. Our research reveals that a focus on who contributes the code, in addition to what the code does, is imperative for organizations to make informed decisions about the trustworthiness of their systems."

State-sponsored cyber threat groups, like APT41 (PRC), Lazarus Group (North Korea), and Cozy Bear (Russia), have exploited OSS platforms to further their governments' strategic objectives. These actors have become active contributors who subvert the openness of these platforms to infiltrate the software supply chain, steal sensitive data, and enable long-term cyber-espionage campaigns. Several high-profile incidents in recent years—such as the (PyPI) supply chain attack, the vulnerability exploitation, and the backdoor incident—illustrate this trend.

Using its new open source software screening capability, Strider analyzed contributors to popular OSS repositories. This analysis identified handles with direct affiliations to nation-state actors from China, Russia, and Iran. Anecdotes include:

The full report can be found here. Information on Strider's Open Source Software Search tool can be found here.

Strider is the leading strategic intelligence company empowering organizations to secure and advance their technology and innovation. Leveraging cutting-edge AI technology alongside proprietary methodologies, Strider transforms publicly available data into critical insights. This increased intelligence enables organizations to proactively address and respond to risks associated with state-sponsored intellectual property theft, targeted talent acquisition, and third-party partners. Strider has operations in 15 countries around the globe with offices in Salt Lake City, Washington, DC, London, and Tokyo.

View original content: https://www.prnewswire.co.uk/news-releases/lying-in-wait-new-strider-report-finds-high-risk-contributors-connected-to-adversarial-nation-states-in-open-source-software-ecosystems-302520173.html

Press Office
PR Newswire
209 - 215 Blackfriars Road
LONDON United Kingdom