
Malicious Backdoor Identified in Linux Compression Library

Published Jun 20, 2024

What we know

Background

A backdoor has been discovered in the open-source compression library XZ Utils, versions 5.6.0 and 5.6.1, for Linux operating systems. This vulnerability, tracked as CVE-2024-3094 and rated 10 in CVSS severity, is a supply chain attack that compromises the integrity of Secure Shell (SSH) and allows attackers to use a predefined encrypted private key to execute commands on the victim’s machine with administrator permissions.

Impact

Exploitation of the backdoor enables a malicious actor to break SSH authentication and gain unauthorised access to the entire system remotely.

Mitigation Measure

  • Administrators and developers are advised to upgrade their XZ Utils installation to the latest stable version. Alternatively, users may downgrade to an uncompromised version such as XZ Utils 5.4.6.
  • Ensure that infrastructure firmware, operating systems, and user applications are up to date in terms of patches.
  • Use multi-factor authentication wherever possible as part of access control mechanisms.
  • Limit the use of administrator privileges.

Recommendation

The following references provide further details on the backdoor.

  • https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
  • https://www.cybereason.com/blog/threat-alert-the-xz-backdoor

Contact the Cyber Security Authority

The CSA has a 24-hour Cybersecurity/Cybercrime Incident Reporting Point of Contact (PoC) for reporting cybercrimes and for seeking guidance and assistance on online activities: Call or Text – 292, WhatsApp – 0501603111, Email – report@csa.gov.gh

Issued by Cyber Security Authority
June 20, 2024
Ref: CSA/CERT/TA/2024-06/01
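
A version check to support the mitigation measure above, as an added example that is not part of the CSA advisory: it parses the two-line output of `xz --version` and flags versions 5.6.0 and 5.6.1 for both the xz tool and the liblzma library it reports. The function names, the `--live` switch and the sample strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): flag the XZ Utils versions the
# advisory names as backdoored, based on the text printed by `xz --version`.

AFFECTED_VERSIONS="5.6.0 5.6.1"   # versions listed in the advisory

# Constructed samples in the two-line layout `xz --version` prints.
SAMPLE_AFFECTED='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_CLEAN='xz (XZ Utils) 5.4.6
liblzma 5.4.6'

# Print "affected" if VERSION is one the advisory lists, else "not-listed".
classify_version() {
    for bad in $AFFECTED_VERSIONS; do
        if [ "$1" = "$bad" ]; then echo affected; return 0; fi
    done
    echo not-listed
}

# Check both the xz tool and the liblzma library it reports, since the two
# can come from different packages. Prints one line per component, then a
# final verdict. Returns 0 = not listed, 1 = affected, 2 = could not parse.
check_xz_output() {
    pairs=$(printf '%s\n' "$1" | awk '/^(xz|liblzma) /{print $1 "=" $NF}')
    if [ -z "$pairs" ]; then echo "verdict unknown"; return 2; fi
    verdict=not-listed
    for pair in $pairs; do
        result=$(classify_version "${pair#*=}")
        echo "${pair%%=*} ${pair#*=} $result"
        if [ "$result" = affected ]; then verdict=affected; fi
    done
    echo "verdict $verdict"
    [ "$verdict" = not-listed ]
}

# Live check: run as `sh check_xz.sh --live` on the host being audited.
if [ "${1:-}" = "--live" ]; then
    check_xz_output "$(xz --version 2>/dev/null)"
    exit $?
fi
```

The check compares the upstream version string only; for repackaged or patched distribution builds, confirm against the distribution's own advisory.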
