Nextgov/FCW: “Foreign adversaries are trying to weaponize open-source software, report finds”

Strider

Strider’s report Lying in Wait: Understanding the Contributors Behind Open Source Code, which details how OSS platforms are increasingly weaponized by advanced persistent threat (APT) groups at the contributor level, was featured in Nextgov/FCW.

Anecdotes in the report were discovered using Strider's new open source software screening capability, which analyzes contributors to popular OSS repositories to identify handles with direct affiliations to nation-state actors from China, Russia, and Iran.


Foreign adversaries are trying to weaponize open-source software, report finds

Hacking units affiliated with nation-state adversaries are subtly contributing to open-source software tools and working to insert backdoors into publicly available code used by millions worldwide, new research says.

Nextgov/FCW

By: David DiMolfetta | August 4, 2025

Chinese, Russian and North Korean-affiliated hackers are covertly working to insert backdoor hijacks and exploits into major publicly-available software used by countless organizations, developers and governments around the world, according to findings released Monday by Strider Technologies.

The malicious insertions into these open-source tools could allow hackers to pilfer troves of sensitive data from governments and private sector firms, according to Strider, which analyzed open-source code contributors who have direct affiliations with foreign adversaries.

...

Historically, community practices have operated under the premise that all contributors are benevolent. But that notion was challenged last February when a user dubbed “Jia Tan” tried to quietly plant a backdoor into XZ Utils, a file transfer tool used in several Linux builds that power software in leading global companies.

Strider, a strategy intelligence firm that tracks economic espionage, said it used an open-source software screening tool and identified handles with affiliations to countries like China and Russia.

...

“Open source software platforms are the backbone of today’s digital infrastructure, yet in many cases it’s unclear even who is submitting the code,” Greg Levesque, CEO and co-founder of Strider, said in a statement. “In turn, nation-states like China and Russia are exploiting this visibility gap. Individuals are lying in wait, building credibility in the ecosystem with the power to introduce malicious code with devastating downstream effects.”
