According to a report published today by Strider Technologies, state-sponsored hackers from North Korea, China, and Russia are routinely breaking into the open-source software that runs more than 90% of contemporary applications. The intelligence firm finds that hostile nation-states are weaponizing GitHub and other platforms to insert harmful code into popular software repositories, posing a threat to governments and enterprises worldwide.
Strider’s investigation found contributors with direct ties to sanctioned Chinese and Russian businesses actively involved in important open-source projects. In openvino-genai, an AI inference toolkit that has been downloaded over a million times, more than 21% of contributors were flagged as a nation-state risk. Two contributions were linked to the Russian businesses MFI Soft and Positive Technologies, which the United States has sanctioned for aiding in cyberattacks and intelligence gathering.
Advanced Extended-Duration Infiltration
The research details the methodical, multi-year tactics used by advanced persistent threat groups such as North Korea’s Lazarus Group, Russia’s Cozy Bear, and China’s APT41 to establish credibility in open-source communities. According to Strider’s Director of Global Communications Paige Waltz, “Actors will spend years building respectable reputations before adding their own harmful code.” Before inserting malicious backdoors, some attackers contribute 40–50 times to a codebase, which makes detection very challenging.
North Korea’s Lazarus Group has stepped up these attempts and may have compromised 36,000 developers worldwide, according to Sonatype, which identified 234 distinct malicious packages linked to the group in the first half of 2025 alone. This trend is illustrated by the group’s Operation Marstech Mayhem campaign, which disseminated the advanced “Marstech1” implant, targeting cryptocurrency wallets and credentials via phony GitHub projects.
The Billion-Dollar Effect Of Previous Attacks
The exposure of open-source software has already proved costly. China, North Korea, Iran, and Turkey were among the actors involved in exploiting the 2021 Log4Shell vulnerability, which cost impacted firms up to $90,000 per incident response. More than two years after the incident, 72% of the impacted organizations continued to report active exploitation episodes.
The sophistication of these attacks is demonstrated by recent events such as the February 2024 XZ Utils backdoor attempt. Under the alias “Jia Tan,” the attacker worked for years to gain the trust of the Linux community before trying to introduce a backdoor into compression software used by systems all over the world.
Strider Technologies CEO Greg Levesque stated, “Nation-states like China and Russia are exploiting this visibility gap.” “Individuals are lying in wait, building credibility in the ecosystem with the power to introduce malicious code with devastating downstream effects.”