Part 8/13:
In March 2024, Andres Freund, a developer at Microsoft, noticed anomalies during routine testing of Debian’s unstable release. Connection delays, the appearance of unexplained binary test data, and unusual memory behaviors caught his attention.
His suspicion led to a deep forensic investigation of the XZ codebase. He uncovered indicators of a backdoor—complex, obfuscated, and carefully constructed to evade detection. His detailed report sparked an emergency response:
- Red Hat promptly rolled back affected releases
- Linux distribution maintainers began auditing their systems
- The open source community rallied to scrutinize dependencies
In the end, Freund’s vigilance was credited with exposing the attack before it could inflict widespread damage.