Antivirus Makers Confirm—and Deny—Getting Breached by Hackers Looking to Sell Stolen Data [Updated]

Boxes of McAfee security software are displayed alongside Norton Anti-virus software by Symantec on a shelf at a Target store August 19, 2010 in Colma, California.
Photo: Justin Sullivan / Getty

Symantec and Trend Micro are on the list of leading antivirus companies that a group of Russian-speaking hackers claims to have compromised, Gizmodo has learned. It remains unclear to what degree, if any, the claim is true.


Last week, Advanced Intelligence (AdvIntel), a New York-based threat-research firm, reported that a hacking group was attempting to sell internal corporate documents and source code purportedly stolen from three major antivirus companies. Citing an ongoing law enforcement investigation and its own disclosure policies, AdvIntel did not reveal the names of the alleged victims.

The hackers, known as “Fxmsp,” are said to be offering to sell the stolen data—around 30 terabytes’ worth—for over $300,000. Gizmodo has not itself reviewed or verified any of the allegedly stolen documents.

Symantec, maker of Norton Antivirus software, confirmed that it was contacted last week by researchers at AdvIntel, who discovered that Symantec was on the list of alleged victims. Symantec told Gizmodo it is aware of the claim, but does not believe there’s reason for its customers to be concerned. “There is no indication that Symantec has been impacted by this incident,” the company said.

AdvIntel told Gizmodo it shared confidence in Symantec’s self-assessment. “Even though Fxmsp claimed that the company is in this victim list, they have not provided sufficient evidence to support this allegation,” it said.

Previously, AdvIntel said it believed Fxmsp was a “credible threat” and said the group had raked in close to $1 million already by selling off data stolen in “verifiable corporate breaches.”

Symantec initially denied having been contacted by AdvIntel when first reached by Gizmodo earlier on Monday. Yelisey Boguslavskiy, AdvIntel’s director of research, said he’d first reached out to Symantec on May 8 through a partner and then held two remediation calls with the company on May 9 and May 10.


Security software firm Trend Micro, meanwhile, told Gizmodo that data linked to one of its testing labs had been accessed without authorization. It labeled the incident as “low risk,” however, and said that neither customer data nor any of its source code had been improperly accessed or exfiltrated.

Boguslavskiy took issue with Trend Micro’s statement, saying it was “incorrect based on the portion of the data we have and the actor’s statement.”


Trend Micro said its investigation into the matter was still underway and that it was working closely with law enforcement, but that it wanted to “transparently share what we have learned.” The company said it would provide updates as the investigation moved forward.

A spokesperson for McAfee, the maker of McAfee VirusScan, would not immediately confirm whether the company had been contacted about a potential breach. The company is currently looking into the matter, the spokesperson said, adding: “We’ve taken necessary steps to monitor for and investigate it.”


Screenshots offered up as proof by Fxmsp appear to show stolen development documentation, an artificial intelligence model, and antivirus software base code, according to AdvIntel. Its researchers said they know the group to run in both Russian- and English-speaking circles online.

Update, 5/13: Updated with a statement from AdvIntel about its contact with Symantec and Trend Micro.


Update, 5/14: Added new statements and context from AdvIntel and Symantec.

Senior Reporter, Privacy & Security