March 2024

Cyber threats

Every month, cyber threats as seen by Gatewatcher’s CTI analysts
Le Lab Gatewatcher D
152 947
Identified Indicators of Compromise (IOCs)
85 743
Identified compromise reports (sum of IoCs)

Highlight of the month

Friday, March 29. After noticing that his SSH connections were unusually long, Microsoft software engineer Andres Freund alerted the community to the presence of malicious code in two versions of the xz library. Also known as liblzma, this utility is available on many Linux distributions, including Arch Linux, Debian and Fedora.

Versions 5.6.0 and 5.6.1, released at the end of February and on March 9 respectively, both contained malicious code enabling remote execution of arbitrary code. In view of the scale of the threat, a CVE reference has been reserved: CVE-2024-3094, with a CVSS score of 10 out of 10.

The origin of the malicious code can be traced back to mid-March, when JiaT75, a contributor to the open source project, discreetly inserted a backdoor into the library, taking advantage of the legitimacy acquired by his previous valid contributions. These malicious files were initially camouflaged among the tool’s test files, making them more difficult to detect.

To date, no exploitation of the backdoor has yet been detected in the wild.





Definition of the month

A backdoor is an unobtrusive method of gaining access to a computer system by circumventing the usual security measures. It may be placed there intentionally by the system’s creators, or it may be an unintentional vulnerability. For example, a backdoor may be a password or secret code that allows access to a system, or a weakness in the design that can be exploited.

Typically, backdoors are used for malicious purposes such as unauthorized access, data theft or system damage.





About the Cyber Threat Barometer

Malware, critical vulnerabilities, advanced persistent threats, industries particularly targeted, weak signals of emerging attacks…It’s no secret that knowledge of one’s adversary is a key factor for the security of an enterprise. The Cyber Threats Barometer gives you a monthly overview of the cyber threats detected by Gatewatcher CTI, our Cyber Threat Intelligence platform.

Gatewatcher CTI’s automated collection, analysis and correlation engines are continuously fed by more than 4000 data sources from multiple channels: social networks, specialized sites, dark and deep web. They make threat information available an average of 24 hours in advance of the competition and help operational response teams make better decisions by dramatically reducing their analysis and incident treatment times.

Ask for a demo

Cyber Threats Barometer: Your monthly cyberthreat overview as seen by Gatewatcher’s CTI analysts