New Strider Report Reveals Risky Contributors Linked to State Adversaries in Open Source Software

Understanding Geopolitical Risks in Open Source Coding
Strider Technologies, a leader in strategic intelligence, has released a concerning new report highlighting how individuals with links to adversarial states actively contribute to open-source software ecosystems. This growing trend exposes the significant geopolitical risks that organizations face in the evolving digital landscape.

The report, titled Lying in Wait: Understanding the Contributors Behind Open Source Code, describes the infiltration of highly-skilled contributors associated with state-backed cyber threats into popular platforms like GitHub. Such actors leverage the openness of these platforms to introduce vulnerabilities and malicious code into crucial software supply chains that companies, developers, and government entities utilize.

Greg Levesque, CEO and co-founder of Strider, emphasizes that while open-source software (OSS) platforms form the backbone of today’s digital infrastructure, the identity of contributors is often obscured. He stated, “Countries like China and Russia exploit this lack of visibility to infiltrate trusted ecosystems with harmful code that can have devastating effects on downstream systems.” This insight is critical because organizational trust in software must extend beyond just the functionality of the code to include scrutiny of its contributors.

The Strider report specifically points out how state-sponsored hacking groups, such as APT41 from China and the Lazarus Group from North Korea, utilize OSS platforms to pursue their governmental agendas. These contributors are now embedded within these open frameworks, exploiting the transparency of OSS to infiltrate the software supply chain, steal sensitive data, and launch long-term cyber espionage campaigns.

Several high-profile incidents serve as alarming reminders of these threats, including recent attacks on the Python Package Index (PyPI) and the notorious Log4Shell vulnerability. These incidents underscore a trend that poses risks not just to individual organizations, but also to entire industries relying on secure software development practices.

Strider employed its advanced screening technology to analyze contributions in various prominent OSS repositories. The findings revealed alarming connections between contributors and state-affiliated actor networks from countries like China, Russia, and Iran. Notably, more than 21% of contributions in the openvino-genai project, a pivotal repository for modern AI inference workflows, were associated with threats to national security.

Noteworthy contributors associated with security-risk enterprises include:
  • An active contributor named as-suvorov, previously employed by MFI Soft, a U.S.-sanctioned company involved with sensitive communications operations.
  • Another contributor, sbalandi, formerly from Positive Technologies, an IT firm under U.S. sanctions for its ties to malicious cyber operations.

Given the rising popularity of tools like OpenVINO—downloaded over a million times—it is critical for organizations to be aware of the backgrounds of those who contribute to the software they rely on. Understanding who is behind the code helps in making informed decisions about the security and reliability of technological implementations.

The full report is accessible on Strider's website, where you can also learn more about Strider's Open Source Software Search Tool. Strider Technologies remains committed to advancing the security landscape for enterprises globally with advanced insights derived from publicly available data.

With offices in 15 countries, Strider combines cutting-edge AI technology and proprietary methodologies to enhance organizations' ability to respond proactively to risks associated with state-sponsored intellectual property theft and cyber threats.