New Details Emerge of Fxmsp's Hacking of Antivirus Companies

LASER_oneXM

It is difficult to fathom that a threat actor may be able to breach the networks of a reputed security company. Yet, this is not only possible but also happened in the past; and it is not far-fetched to believe that it is the case with at least three antivirus makers, as reported by BleepingComputer earlier this week.

The world learned in 2012 that hackers had breached Symantec networks six years earlier and made off with the source code for Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere.

In 2015, Kaspersky announced that its internal network had been infiltrated by a threat actor interested in learning about the technology the company developed for its secure operating system, Fraud Prevention, Security Network, and Anti-APT solution, and services.

As a side note, Bitdefender was in the limelight the same year when a hacker tried to extort the company for $15,000 after stealing non-encrypted login customer data. This was possible because a server was running an outdated software package, as a result of a human error.

In all three cases, the companies said that the incident did not have lasting effects or a significant impact. Symantec’s source code was for old products; with Kaspersky, the intrusion was caught early and gave the company insight into the adversary's tools and infrastructure; and Bitdefender said the leak affected less than 1% of their SMB customers.
 
