The official GitHub repository of the PHP programming language has been reportedly breached by malicious actors.
In the latest developments, the PHP Git repositories were attempted to be compromised where the hackers added a backdoor that could have potentially enabled them to access millions of PHP-based servers across the globe.
However, it has come forth that the malicious actors seemingly left a major clue for the PHP development team to track, and is presumed that the clue was left as an alert in connection with the vulnerability as opposed to a straight attack.
On March 28, the PHP development team had issued official statements regarding the cyberattack and have affirmed the source code breach.
According to the statements, the development team has noted that the PHP Git source code repository was admittedly breached and the hackers had driven a malicious backdoor to the Git server from the accounts of PHP’s developers Rasmus Lerdorf and Nikita Popov.
The malicious PHP backdoor:
Detailing the backdoor, it had not made its way to any of the live servers however if implemented, would have allowed malicious users to execute code on a vulnerable PHP server.
It could also provide significant access and present critical security hazards to millions of websites.
Even though the threats posed by these vulnerabilities are extremely critical, it is apparently noted that the hacker or hackers did not intend for the exploit to go live.
Also read,
One would need to send a specific request to a string named Zerodium to trigger the attack.
To the unaware, Zerodium is an exploit broker service, where hackers can sell their exploits to the highest bidder. This suggests that the hackers were alerting the PHP development team rather than actively exploiting the vulnerability.
Modifying and mitigating risks:
“While [the] investigation is still underway, we have decided that maintaining our own git infrastructure is an unnecessary security risk and that we will discontinue the git.php.net server. Instead, the repositories on GitHub, which were previously only mirrors, will become canonical. This means that changes should be pushed directly to GitHub rather than to git.php.net.”
The above statements were issued by the development team and will result in them making the GitHub repository the actual code base rather than what is currently a mirror.
The developers believe that this breach was a compromise of the Git server rather than a vulnerability in the programming language.
Hence, post the implemented modification, those requiring access to the PHP GitHub repository will have to contact the development team directly to make a request.
