
Hunted Labs has uncovered that a widely used open source library—easyjson—is maintained and controlled by developers associated with VK Group, a major Russian technology conglomerate tightly linked to the Kremlin.
The findings, discovered through Hunted Labs’ Entercept™ platform, expose how this critical Go package—used across U.S. government agencies, Fortune 500 companies, and cloud-native infrastructure projects like Kubernetes, Helm, and Istio—is potentially a covert channel for foreign influence, data exfiltration, or even backdoor insertion.
“We found a suspicious component known as easyjson… used across U.S. Government systems, Fortune 500 enterprises, and serves as the cornerstone of Cloud Native Computing Foundation projects,” the report warns.
Easyjson is a high-performance JSON serialization/deserialization package written in Go, designed to speed up data parsing by generating optimized code. It is deeply embedded across the software ecosystem, particularly in cloud-native applications, distributed systems, and real-time analytics platforms.
“Any compromise of a serializer is extremely dangerous because they are: invisible, deeply integrated, hard to remove, and trusted by default,” says Hunted Labs.
The maintainers of easyjson are a team of Moscow-based developers employed by VK Group (formerly Mail.ru)—a company under the control of Russian state-owned Gazprom Media. Leadership within VK has been sanctioned by both the U.S. and E.U., and the company has a well-documented history of cooperation with Russian security services, censorship of political opposition, and disinformation campaigns during the Ukraine war.
“A group of developers from VK, an entity with leadership under active U.S. and E.U. sanctions… maintain easyjson,” the report confirms.
Hunted Labs outlines multiple alarming possibilities if easyjson were to be compromised or weaponized:
- Supply chain backdoors enabling mass compromise
- Remote code execution via crafted JSON inputs
- Espionage and covert data exfiltration
- Kill switch activation across critical systems
“Russia doesn’t need to attack directly. By influencing state-sponsored hackers to embed a seemingly innocuous OSS project deep in the American tech stack, they can wait, watch, and pull strings when it counts,” the researchers warn.
The investigation began with a routine scan for foreign-controlled code in U.S. enterprise environments. But further inspection revealed that over 85% of all commits to easyjson were made by Russia-based contributors, many directly affiliated with VK.
“That code now acts as an umbilical to our cloud-native ecosystem,” Hunted Labs states.