Re: Malware find in the news: xz related.

The Natural Philosopher <tnp@invalid.invalid> wrote:

On 06/04/2024 15:40, Rich wrote:

 
And, if the attack, given its patience and sophistication, is as some
surmise, the work of state actors in the employ of their government
(i.e. NSA, CIA, Russia, China, North Korea, etc.) then it is unlikely
that anyone will ever be detained nor will anyone be named.

 
It is at least comforting that if it were, they must not already have
such access, or they would not have bothered.

I don't follow that. Hackers, especially state funded hackers with
unlimited resources, will always want more options for getting into
systems. That way when one vulnerability is discovered or doesn't
apply to a particular usage case, another can be selected straight
away.

It's identical to arms development. Nobody ever stops working on
this stuff unless the money gets cut off.

What this does show is that social engineering techniques are
being used very successfully, which means it's quite likely that
similar attacks _are_ going on against other software projects.
Some probably from the same office, if not the same person, as
"Jia Tan".

--
__          __
#_ < |\| |< _#