Incidents attributed to:

"Jia Tan" / JiaT75 (suspected state-sponsored)

Related incidents

Supply chainContainedMarch 29, 2024

XZ Utils backdoor (CVE-2024-3094)

A multi-year social-engineering campaign by a maintainer persona named 'Jia Tan' planted a hidden SSH backdoor in the XZ Utils compression library (liblzma) versions 5.6.0 and 5.6.1, scoring CVSS 10.0 — caught by chance days before it could reach stable Linux releases worldwide.

Victim: XZ Utils / Linux open-source ecosystem