
“Near-Miss” Cyberattack Rattles U.S. Officials And Tech Insiders, Are YOU Compromised?


Well, this is incredibly concerning. Is YOUR system safe?

We live in an age where both the bounties and perils are unparalleled. We have abundance like we have never seen before, but everything is also far more connected.

This complex web we know as the internet has multiplied our wealth, but it has also multiplied the threats lurking beneath cleverly designed user interfaces and sophisticated computer code.

A recent ‘near-miss’ cyberattack has tech professionals and U.S. officials spooked due to the sophistication of the hack and the length of time the compromised code was deployed on the web.

The hack affected XZ Utils, a little-known compression utility used on Linux, and every Linux system running the compromised code.

At the center of the nearly catastrophic cyberattack is a mysterious figure known only as ‘Jia Tan.’ Tan was originally brought on as a helping hand for the main developer of XZ Utils.

XZ Utils is open-source software that relies on scores of unpaid volunteers collaborating online to maintain the program.

After two years of Tan contributing to the project, it was discovered that the rogue software developer had snuck their own compromised code into the XZ Utils program.


This code created a backdoor into millions of servers on the internet and was only discovered after a curious developer named Andres Freund noticed that the unassuming program was using far too much processing power.

Upon closer inspection, Freund discovered the cleverly hidden code and the backdoor it created. The online coding and developer community rushed to dissect the code and provide more answers:

Ethical hacker Kostas implored other users to check their systems for the compromised software:

“Regarding the xz backdoored binary, see the one-liner below to check the version you have installed. I wouldn’t suggest folks run the malicious binary with the -v option.

for xz_p in $(type -a xz | awk '{print $NF}' | uniq); do strings "$xz_p" | grep "xz (XZ Utils)" || echo "No match found for $xz_p"; done

Some systems might have two different versions installed (i.e. if you have homebrew).

The above command will check both. You can run the which command if you want to see which binary would run by default upon being called interactively. Good luck!”

According to Reuters:


Tan did not return messages sent to his Gmail account. Reuters has been unable to ascertain who Tan is, where he is, or who he was working for, but many of those who’ve examined his updates believe Tan is a pseudonym for an expert hacker or group of hackers — likely one working on behalf of a powerful intelligence service.

Silas Cutler, a hacker and researcher, provided this update in the aftermath of the hack in a lengthy thread on X. If your system is compromised, make sure to correct the issue.

WIRED conducted its own investigation in an attempt to reveal the identity of Tan:

At a glance, Jia Tan certainly looks East Asian—or is meant to.

The time zone of Jia Tan’s commits is UTC+8: That’s China’s time zone, and only an hour off from North Korea’s.

However, an analysis by two researchers, Rhea Karty and Simon Henniger, suggests that Jia Tan may have simply changed the time zone of their computer to UTC+8 before every commit.


In fact, several commits were made with a computer set to an Eastern European or Middle Eastern time zone instead, perhaps when Jia Tan forgot to make the change.
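The commit time-zone analysis described above, as an added example that is not WIRED's or the researchers' code: it parses lines in the shape produced by `git log --format='%H %ai'` (an assumed input format; the sample commits are constructed, not real XZ Utils history), tabulates the UTC offsets a contributor's commits were stamped with, flags the ones that deviate from the dominant offset, and computes what hour of the day a commit would have been made at if the clock's true offset were something else.

```python
# Assumed input: lines from `git log --format='%H %ai'`, i.e. "<sha> YYYY-MM-DD HH:MM:SS +HHMM".
import re
from collections import Counter

LINE_RE = re.compile(r"^(?P<sha>[0-9a-f]{7,40}) (?P<date>\d{4}-\d{2}-\d{2}) "
                     r"(?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4})$")

# Constructed sample, not real XZ Utils history: +0800 stamps plus two outliers.
SAMPLE_LOG = """\
a1b2c3d 2023-06-27 17:27:09 +0800
b2c3d4e 2023-06-28 18:05:41 +0800
c3d4e5f 2023-07-03 16:40:12 +0800
e5f6071 2023-07-10 14:31:08 +0300
f607182 2023-07-12 17:58:23 +0800
0718293 2023-07-19 13:20:30 +0200
"""

def parse_log(text):
    """Return a list of (sha, date, time, offset_minutes) tuples."""
    commits = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable log line: {line!r}")
        tz = m.group("tz")
        offset = (1 if tz[0] == "+" else -1) * (int(tz[1:3]) * 60 + int(tz[3:5]))
        commits.append((m.group("sha"), m.group("date"), m.group("time"), offset))
    return commits

def offset_profile(commits):
    """Number of commits stamped with each UTC offset (in minutes)."""
    return Counter(c[3] for c in commits)

def outliers(commits):
    """Commits not stamped with the contributor's dominant offset."""
    dominant = offset_profile(commits).most_common(1)[0][0]
    return [c for c in commits if c[3] != dominant]

def local_hour_if(commit, true_offset):
    """Wall-clock hour of the commit if the clock's real offset were true_offset."""
    hh, mm, _ = map(int, commit[2].split(":"))
    return ((hh * 60 + mm - commit[3] + true_offset) % 1440) // 60

def fmt_offset(minutes):
    sign, m = ("+" if minutes >= 0 else "-"), abs(minutes)
    return f"UTC{sign}{m // 60:02d}:{m % 60:02d}"

if __name__ == "__main__":
    commits = parse_log(SAMPLE_LOG)
    print({fmt_offset(o): n for o, n in offset_profile(commits).items()}, [c[0] for c in outliers(commits)])
```

Feeding `local_hour_if` a hypothesised offset such as 180 (UTC+3) shows whether the dominant-offset commits would land in ordinary working hours under that assumption, which is the kind of consistency check the researchers' argument rests on.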
