Electronic Frontier Foundation
Risk of socially engineered backdoors in critical software seems like an indictment of open-source projects, but it could happen anywhere, EFF’s Molly told @theintercept - in fact, this one was found only due to the project’s open nature.
https://theintercept.com/2024/04/03/linux-hack-xz-utils-backdoor/
The Other Players Who Helped (Almost) Make the World’s Biggest Backdoor Hack

A hacker spent years ingratiating themself to a developer — then, perhaps with the help of others, injected a backdoor into their Linux code.

The Intercept
Apr 4, 2024 at 8:21pmWeb
Show threadChewieApr 4, 2024
@eff @theintercept #xzbackdoor #xzutils #xzgate
Show threadPyperkubApr 4, 2024
@eff @theintercept Exactly - see Solarwinds, or even the Microsoft o365 hack.
Show threadMatt PalmerApr 5, 2024
@pyperkub @eff @theintercept see also the North Koreans getting hired at cryptocurrency startups.
Show threadPyperkubApr 5, 2024
@womble @eff @theintercept Hmm. Hadn't heard of that - got a link?
Show threadMatt PalmerApr 5, 2024
@pyperkub https://edition.cnn.com/2022/07/10/politics/north-korean-hackers-crypto-currency-firms-infiltrate/index.html