Close Menu
Firearms Forever
  • Home
  • Hunting
  • Guns
  • Defense
  • Videos
Trending Now

First Look: Watchtower Firearms Demolitia Blackout Edition

August 5, 2025

Marine Raider TAKES DOWN a Billion Dollar West-Africa Drug Op—and Barely Escapes Alive

August 5, 2025

5 Useful Pieces of Gear for Every Saddle Hunter

August 5, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram
Firearms Forever
SUBSCRIBE
  • Home
  • Hunting
  • Guns
  • Defense
  • Videos
Firearms Forever
Home»Defense»Malicious states are working to weaponize open-source software: report
Defense

Malicious states are working to weaponize open-source software: report

Tim HuntBy Tim HuntAugust 5, 20254 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Malicious states are working to weaponize open-source software: report

Chinese, Russian, and North Korean-affiliated hackers are covertly working to insert backdoor hijacks and exploits into major publicly available software used by countless organizations, developers, and governments around the world, according to findings released Monday by Strider Technologies.

The malicious insertions into these open-source tools could allow hackers to pilfer troves of sensitive data from governments and private-sector firms, according to Strider, which analyzed open-source code contributors who have direct affiliations with foreign adversaries.

Open-source projects — which underpin software systems used everywhere — rely on contributions from community members to keep them updated with patches. The updates are often discussed on forums with volunteer software maintainers, who chat with one another about proposed changes.

Historically, community practices have operated under the premise that all contributors are benevolent. But that notion was challenged last February when a user dubbed “Jia Tan” tried to quietly plant a backdoor into XZ Utils, a file transfer tool used in several Linux builds that power software in leading global companies.

Strider, a strategy intelligence firm that tracks economic espionage, said it used an open-source software screening tool and identified handles with affiliations to countries like China and Russia.

In one case, more than 20% of the people who have contributed to openvino-genai — a code base that lets AI models run on consumer devices — have connections or work relationships that are considered national security risks, according to the research. 

One contributor, “as-suvorov,” used to work for MFI Soft, a software company that the U.S. has sanctioned for its association with hardware and software development used for Russian intelligence collection. MFI Soft did significant work for the Department of Homeland Security’s Federal Protective Service, which gathers and analyzes foreign communications, according to Strider.

The second person, “sbalandi,” previously worked for Positive Technologies, a Russian IT company sanctioned by the U.S. in 2021 for helping with cyberattacks and supporting Russian government hackers.

Strider also analyzed treelib, a package in the Python programming language used to create data structures and visuals with tree plots that help explain connected information like file systems or family trees.

The treelib package on GitHub shows its widespread use, with some 878,000 downloads by the time Strider published its findings. According to Strider analysis, the treelib repository owner, “Chen,” has contributed 154 times to the package. But since 2022, Chen has worked at Alibaba Cloud, a Chinese cloud computing company known for collaborating with state-affiliated defense conglomerates and sharing code vulnerabilities with a Chinese government intelligence database.

Chen is also a researcher at Baiyulan Open AI, a Chinese state-backed organization that connects with open-source communities globally. Chen holds a PhD in Behavior Informatics from Shanghai Jiao Tong University, a Chinese university with research ties to the People’s Liberation Army and state-owned defense industry giants. 

During his time at SJTU, Chen specialized in mobile data mining, researching public surveillance methods at a key Chinese state laboratory, and his research was funded by Chinese entities, including Huawei Technologies, according to Strider.

The company did not specify the sources and methods used to trace Chen and other malicious users to their professional roles and affiliations.

“Open source software platforms are the backbone of today’s digital infrastructure, yet in many cases it’s unclear even who is submitting the code,” Greg Levesque, CEO and co-founder of Strider, said in a statement. “In turn, nation-states like China and Russia are exploiting this visibility gap. Individuals are lying in wait, building credibility in the ecosystem with the power to introduce malicious code with devastating downstream effects.”

Over half of critical open source tools are underpinned by code that does not internally manage memory spillover risks, opening them up to potential exploitation by hackers, the Cybersecurity and Infrastructure Security Agency said last summer.

This week, seven teams will compete at the DEF CON hacker conference, where the Defense Advanced Research Projects Agency will evaluate their AI-powered systems designed to autonomously identify and patch vulnerabilities in open-source code.



Read the full article here

Share. Facebook Twitter Pinterest LinkedIn Telegram Reddit Email
Previous ArticleRifles: Installing Accuracy
Next Article 5 Useful Pieces of Gear for Every Saddle Hunter

Related Posts

Pentagon slashes staff of R&D repository by nearly 80%

August 5, 2025

Sunday Shoot-a-Round # 292

August 5, 2025

INDOPACOM’s ‘expeditionary foundry’ is another step toward the 3D-printed future

August 5, 2025

Is The Mountain Gun A Myth?

August 5, 2025

Lockheed Martin aims to test a missile-killing satellite by 2028

August 5, 2025

SIG P320 Fiasco ! | What Do I Think About It?

August 5, 2025
Don't Miss

Marine Raider TAKES DOWN a Billion Dollar West-Africa Drug Op—and Barely Escapes Alive

By Mike RitlandAugust 5, 2025

Watch full video on YouTube

5 Useful Pieces of Gear for Every Saddle Hunter

August 5, 2025

Malicious states are working to weaponize open-source software: report

August 5, 2025

Rifles: Installing Accuracy

August 5, 2025

Subscribe to Updates

Get the latest firearms news and updates directly to your inbox.

  • Home
  • Privacy Policy
  • Terms of use
  • Contact
© 2025 Firearms Forever. All Rights Reserved.

Type above and press Enter to search. Press Esc to cancel.