“We continue with further hardening of our systems and policies”
Japanese security conglomerate Trend Micro has wrapped up an internal investigation after falling victim to a security incident that saw one of its own testing lab environments breached – with alleged source code and network access later offered for sale on the Dark Web.
Russian-speaking group Fxmsp had been touting the data for $300,000 on Russian forums, claiming it had 30TB of aggregated data. The incident was of some embarrassment for Trend Micro, which runs arguably the world’s largest bug bounty programme, the Zero Day Initiative.
But the investigation confirms that the incident was not on the scale first suggested by New York-based threat intelligence company Advanced Intelligence, which initially (and inaccurately) suggested that three cybersecurity companies had been penetrated by a group it dubbed Fxmsp.
A Trend Micro spokesman told Computer Business Review: “We have concluded our internal investigation into the recent claims of an intrusion into one of our testing lab environments, and as promised, we are sharing a summary of our key findings. Trend Micro source code and customer data remains secure.”
“Evidence shows that during the unauthorized access to a single testing lab environment, the malicious group Fxmsp obtained artifacts used for debugging purposes. Remediation measures were immediately implemented, and we continue with further hardening of our systems and policies.”
The company added: “Our highest priority remains protecting our customers and partners, and we remain committed to this.”
“This incident reinforces the message that every organization must constantly remain vigilant with their security measures as hackers continue to sharpen their attack methodologies and widen their attack surface.”
Fxmsp had told Advanced Intelligence researchers that it accessed network environments via Remote Desktop Protocol (RDP) servers and exposed Active Directory accounts. It also claimed to have developed a credential-stealing botnet capable of infecting high-profile targets.
Symantec and McAfee, also named by the criminals as breached, denied outright that they had suffered any compromise, and no evidence was furnished to confirm the claims. Advanced Intelligence has been contacted for comment.