Hackers Breached 3 US Antivirus Companies

Status
Not open for further replies.

ForgottenSeer 58943

Norton has lost code before.

Also, modern interdiction technology readily subverts AVs by using re-engineered code from those AVs so it stands to reason this has happened and will happen again. Norton is obviously one of the victims here and if so, it really begs the question as to if they can fully recover once all of the disclosures come out.

That TerraPrivacy guy many months ago basically proved Norton was compromised if I remember, but he pulled the video for legal reasons.
 

blackice

I am skeptical about the company investigating this. AdvIntel seems to have appeared out of nowhere. Not to say the hacks haven’t happened, but who are they?
 

omidomi

Bad news, users should know what's happening & also which companies were hacked & why?
I don't know why! When a non-US-based AV company makes a mistake, sites, blogs, and news all around the world will cover that, and now no one knows what's happening & for which one.
BTW, US AV companies are:
Symantec, McAfee, Malwarebytes, VIPRE, Webroot, Cylance
Which one?
But we can guess which one; pay close attention to this sentence:
"A screenshot shows a reverse-engineering tool view of code presented by the hacking collective Fxmsp showing access to a major US antivirus software company."
Major!
I guess, emm, Symantec & McAfee are major, & which of these companies are major? (Malwarebytes or Webroot?)
 

Cortex

Can't be easy for the companies affected, also for the US companies that were not affected & subject to speculation? The story does seem to be going somewhat exponential & the cat does seem to have escaped from the bag. As ForgottenSeer 58943 says, Norton lost code some time ago but as I remember they said it was old & not critical; looks a little different this time, assuming they are affected.
 

ForgottenSeer 58943

Betcha Cylance.. Cylance has played fast and loose with their security, code control, and vetting employees/contractors. The firm was largely run by marketing shills and anything market and sales shills at firms handle/touch is pretty much tainted goods because their entire focus is on money aside from all other considerations. I'd almost place money on one of them being Cylance.

I've learned over the years that sales and marketing people at corporations are nothing but parasites.
 

Burrito

Symantec would be an obvious target. They have money, they have good code that could draw value in the black market. They are a big, well-known, lucrative target.

But... we have a conditional denial from Norton now --

Symantec is aware of recent claims that a number of US-based antivirus companies have been breached. Researchers at AdvIntel, who released information on the breach to media, stated they had notified potential victim entities of the breach. At this time, Symantec has not been contacted by AdvIntel. We have no indication that Symantec (Norton) has been impacted and do not believe there is reason for our customers to be concerned.

So if it is correct that the 3 companies have been notified, this is an indicator that Symantec is not one of the three.

Not to overly parse their words... but... the Symantec statement (above) references 'contact by AdvIntel.' Several of the press reports indicated that "partner organisations" (not AdvIntel) have contacted the breached AVs.

It is probably just inexact wording. But parsing words carefully while avoiding the truth is pretty common in this era of seemingly common corporate and government lying.

But the last sentence should cover any doubt, "We have no indication that Symantec (Norton) has been impacted.."

Assuming Symantec was not breached, they are probably lucky -- or very well protected. Because I'll bet they were a target.
 

blackice

The list:
Comodo
Fortinet
McAfee
Microsoft
Immunet
Symantec
Webroot.
FireEye
Palo Alto
Carbon Black
Symantec is probably one of them:

It does seem to line up too well that he stepped down just before the news hit. If Microsoft is involved there’s a lot more at risk than AV software since they supposedly gained access to internal networks. I bet they’d be bragging more (and charging more) if they got the key to that door, but I could be wrong.
 

blackice

Looks like Trend Micro was included.


The Gizmodo story had been updated making it sound like AdvIntel refutes both Symantec’s denial and Trend Micro’s label of a low risk incident.
 

ForgottenSeer 58943

Many forget, while Trend Micro likes people to think it's not a US Company, it really is more US-Based than almost any AV firm. In fact CIA and Booz Allen largely share fusion centers with Trend Micro. Trend Micro a few years ago made major strides in detection but lately they've had a string of uncomfortable incidents. In addition, in the Hacker Deterrent thread it seemed to indicate Trend Micro had been reverse engineered at enough of a level to where key core components could be replaced with malicious ones.

The exit of key people at Symantec largely affirms this as generally when something like this happens C level leadership has little option other than to be flushed out.
 