Hackers Breached 3 US Antivirus Companies

Status
Not open for further replies.

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,456
In a report published Thursday, researchers at the threat-research company Advanced Intelligence (AdvIntel) revealed that a collective of Russian and English-speaking hackers are actively marketing the spoils of data breaches at three US-based antivirus software vendors.

The collective, calling itself “Fxmsp,” is selling both source code and network access to the companies for $300,000 and is providing samples that show strong evidence of the validity of its claims. Yelisey Boguslavskiy, director of research at AdvIntel, told Ars that his company notified “the potential victim entities” of the breach through partner organizations; it also provided the details to US law enforcement. In March, Fxmsp offered the data “through a private conversation,” Boguslavskiy said. “However, they claimed that their proxy sellers will announce the sale on forums.” Fxmsp has a well-known reputation in the security community for selling access to breaches, focusing on large, global companies and government organizations. The group was singled out in a 2018 FireEye report on Internet crime for selling access to corporate networks worldwide, including a global breach of a luxury hotel group—potentially tied to the Marriott/Starwood breach revealed last November. AdvIntel’s researchers say the group has sold “verifiable corporate breaches,” pulling in profits approaching $1 million. Over the past two years, Fxmsp has worked to create a network of proxy resellers to promote and sell access to the group’s collection of breaches through criminal marketplaces. In March, the group “stated they could provide exclusive information stolen from three top antivirus companies located in the United States,” AdvIntel’s researchers reported in a blog post going live today. “They confirmed that they have exclusive source code related to the companies' software development.” And the group offered privately to sell the source code and network access to all three companies for “over $300,000,” the researchers said.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
They apparently got a new-gen AV company's machine learning analytic code.


Hide this from the paranoid PC users.

Uh-oh, my AV will now be hacking me! Maybe that's why they call it artificial intelligence? :eek::emoji_cold_sweat::emoji_fearful::emoji_fearful::emoji_fearful::barefoot::barefoot::barefoot:
 

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,456
This is um.... bad.
Access to the source code allows hackers the opportunity to locate showstopping vulnerabilities and exploit them, rendering the software useless... or worse.
As for the names of the three anti-malware software companies that were compromised, that's still a mystery. Unless someone in the cybersecurity business decides to shell out $300k to find out what's hiding in the 30TB of files we may not find out until it's far to late.
 
Last edited:

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,730
Is there any official evidence that McAfee is one of the companies which have been breached?

There's no evidence of who any of the companies are. However, the report does state that browser extension(s) were compromised. So at least one of the companies concerned uses an extension, possibly all 3. That's about as much detail as there is at the moment.

By market share based on a quick google the top 3 from the US are McAfee, Malwarebytes, and Symantec. Followed by Webroot and Cylance. But who knows till they report it, if they ever do. This is all assuming WD isn’t involved, which it doesn’t sound like it is based on the report.
 
F

ForgottenSeer 72227

This is both interesting and concerning. It would be interesting to know who are the 3 AV vendors are, but it's more than likely the ones already mentioned. I wouldn't be surprised if all the US AV vendors are scurrying around trying to figure out if they are one of the 3.
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,730
This is both interesting and concerning. It would be interesting to know who are the 3 AV vendors are, but it's more than likely the ones already mentioned. I wouldn't be surprised if all the US AV vendors are scurrying around trying to figure out if they are one of the 3.

Supposedly they have been informed. I think the Ars article was updated. Interestingly the commenters on Ars seem skeptical if this is real or not based on the scant evidence provided. It’s either a hoax or very concerning.
 
Last edited:

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,730
So this AdvIntel company has a cheap-o Wix style website with one post. (Blog | Advanced Intel) Has anyone even heard of these guys before?

Edit: something seems up here. Their first tweet was on May 2. Then they posted the news and opened the Wix site to post a blog. Not saying the companies weren’t hacked, but this seems strange.
 
Last edited:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top