PHP's Git Server Hacked to Insert Secret Backdoor to Its Source code

pablozi

Level 27
Verified
Trusted
Jun 14, 2011
1,597
In yet another instance of a software supply chain attack, someone hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code.

The two malicious commits were pushed to the self-hosted "php-src" repository hosted on the git.php.net server, illicitly using the names of Rasmus Lerdorf, the author of the programming language, and Nikita Popov, a software developer at Jetbrains.

The changes are said to have been made yesterday on March 28.

"We don't yet know how exactly this happened, but everything points towards a compromise of the git.php.net server (rather than a compromise of an individual git account," Popov said in an announcement.
 
Top