Washington Times: “New report indicates that foreign actors are secretly infiltrating software infrastructure with ill intent”

In The News

Strider

Strider’s report, Lying in Wait: Understanding the Contributors Behind Open Source Code, which details how OSS platforms are increasingly weaponized by advanced persistent threat (APT) groups at the contributor level, was featured in The Washington Times.

Anecdotes in the report were discovered using Strider's new open source software screening capability, which analyzes contributors to popular OSS repositories to identify handles with direct affiliations to nation-state actors from China, Russia, and Iran.


Russian, Chinese coders secretly insert malicious code in open-source software, says new report

The Washington Times

By: Vaughn Cockayne | August 4, 2025

As businesses and government services continue to adopt open-source software, a new report indicates that foreign actors are secretly infiltrating software infrastructure with ill intent.

According to a report from strategic intelligence company Strider, the widespread adoption of OSS has outpaced the development of relevant cybersecurity measures, allowing well-trained "advanced persistent threat groups" to insert malicious code into widely used software.

...

As an example, Strider's report cites the Log4Shell vulnerability exploitation incident from 2021, where hackers leveraged the vulnerability of OSS to execute arbitrary code. The incident led to massive data breaches and compromised systems across various sectors.

...

The Strider report suggests that businesses and government entities use a "contributor-focused approach" when structuring security measures. By focusing on who is contributing to the code used, organizations are able to make informed decisions about the software they adopt.

Read the full story here.