Cyber Threat Report: 'Alert: CVE-2024-3094, a serious backdoor in XZ Utils, permits RCE'
| Report Author | Vulcan |
|---|---|
| Publication Date | 2024-03-31 |
| Original Reporting | Source |
| Identified CVEs | CVE-2024-3094 |
| Victim Sectors | Technology |
This alert from Vulcan's Voyager18 team outlines a potential supply chain attack against the XZ Utils package for multiple Linux distributions. Captured as CVE-2024-3094, the alert describes how a contributor known as 'JiaT75' allegedly added code to the XZ code to target SSH interactions and effectively create a 'backdoor' into compromised systems.
Cyber Threat Graph Context
Explore how this report relates to the wider threat graph