Sponsored press release - Editorial responsibility: PrNewswire

Lying in Wait: New Strider Report Finds High-Risk Contributors Connected to Adversarial Nation-States in Open Source Software Ecosystems

04 August 2025 | 15.03

First-of-its-kind research demonstrates that individuals with affiliations to risky Russian and PRC entities are contributing code into critical software supply chains

SALT LAKE CITY, Aug. 4, 2025 /PRNewswire/ -- Strider Technologies, Inc. ("Strider"), the leading provider of strategic intelligence, today published a new report documenting how individuals with direct affiliations to nation-state adversaries are active contributors to popular open source software (OSS) ecosystems. The presence of state-sponsored cyber threat groups on OSS platforms, such as GitHub, demonstrates the nature of the new era of geopolitical risk confronting organizations.

Strider's report—Lying in Wait: Understanding the Contributors Behind Open Source Code—details how OSS platforms are increasingly weaponized by advanced persistent threat (APT) groups at the contributor level. Through subtle code contributions, the insertion of backdoors, and the exploitation of trusted software components, these actors can embed threats into software pipelines used by corporations, developers, and governments alike.

"Open source software platforms are the backbone of today's digital infrastructure, yet in many cases it's unclear even who is submitting the code," said Greg Levesque, CEO and Co-Founder of Strider. "In turn, nation-states like China and Russia are exploiting this visibility gap. Individuals are lying in wait, building credibility in the ecosystem with the power to introduce malicious code with devastating downstream effects. Our research reveals that a focus on who contributes the code, in addition to what the code does, is imperative for organizations to make informed decisions about the trustworthiness of their systems."

State-sponsored cyber threat groups, like APT41 (PRC), Lazarus Group (North Korea), and Cozy Bear (Russia), have exploited OSS platforms to further their governments' strategic objectives. These actors have become active contributors who subvert the openness of these platforms to infiltrate the software supply chain, steal sensitive data, and enable long-term cyber-espionage campaigns. Several high-profile incidents in recent years—such as the Python Package Index (PyPI) supply chain attack, the Log4Shell vulnerability exploitation, and the XZ Utils backdoor incident—illustrate this trend.

Using its new open source software screening capability, Strider analyzed contributors to popular OSS repositories. This analysis identified handles with direct affiliations to nation-state actors from China, Russia, and Iran. Anecdotes include:

The full report can be found here. Information on Strider's Open Source Software Search tool can be found here.

About Strider

Strider is the leading strategic intelligence company empowering organizations to secure and advance their technology and innovation. Leveraging cutting-edge AI technology alongside proprietary methodologies, Strider transforms publicly available data into critical insights. This increased intelligence enables organizations to proactively address and respond to risks associated with state-sponsored intellectual property theft, targeted talent acquisition, and third-party partners. Strider has operations in 15 countries around the globe with offices in Salt Lake City, Washington, DC, London, and Tokyo.

Contact: media@striderintel.com 

View original content: https://www.prnewswire.co.uk/news-releases/lying-in-wait-new-strider-report-finds-high-risk-contributors-connected-to-adversarial-nation-states-in-open-source-software-ecosystems-302520173.html

Sponsored press release - Editorial responsibility: PrNewswire. Adnkronos journalists are in no way involved in or responsible for the content of the press releases distributed.

All rights reserved
© Copyright Adnkronos