Kevin Beaumont on Nostr: ‘They’ are very likely a multi million dollar operation - see also just the shell ...
‘They’ are very likely a multi million dollar operation - see also just the shell script analysis, before you even get to the backdoor (which is much more nuts)
https://research.swtch.com/xz-script

The actual SSH backdoor is cryptographically signed so only the threat actor can use it. If you work in threat intelligence and write “foreign” intelligence agency, you might want to look at your bias training.
#XZ
Published at
2024-04-02 18:16:28

Event JSON
{
"id": "9a5416cac5809125f02bc47f4aa33594da6b9d216d28ecec349c1d14603dbf48",
"pubkey": "f6870afcde4480ec8508f50304859e14a51309ff24ab3f0f862c52bdc4af8747",
"created_at": 1712081788,
"kind": 1,
"tags": [
[
"e",
"ad15144cff897cb1cadc7ccad22f576af20088be10e6d031e07842fc1d8f781e",
"wss://relay.mostr.pub",
"reply"
],
[
"t",
"xz"
],
[
"proxy",
"https://cyberplace.social/users/GossiTheDog/statuses/112202992059005550",
"activitypub"
]
],
"content": "‘They’ are very likely a multi million dollar operation - see also just the shell script analysis, before you even get to the backdoor (which is much more nuts) https://research.swtch.com/xz-script\n\nThe actual SSH backdoor is cryptographically signed so only the threat actor can use it. If you work in threat intelligence and write “foreign” intelligence agency, you might want to look at your bias training. \n\n #XZ",
"sig": "4b132c558358aa0b949f6bf79557e422a828323ca1e3726d774fde7bf1ba49e5c713d9b7e4917945e928150c09d3226f9fa6ab5b0d06a28e59d7aaa49e7f250e"
}