Antivirus Makers Confirm—and Deny—Getting Breached by Hackers Looking to Sell Stolen Data [Updated]

Boxes of McAfee security software are displayed alongside Norton Anti-virus software by Symantec on a shelf at a Target store August 19, 2010 in Colma, California.
Photo: Justin Sullivan / Getty

Symantec and Trend Micro are among the leading antivirus companies that a group of Russian-speaking hackers claims to have compromised, Gizmodo has learned. It remains unclear to what degree, if any, the claim is true.

Last week, Advanced Intelligence (AdvIntel), a New York-based threat-research firm, reported that a hacking group was attempting to sell internal corporate documents and source code purportedly stolen from three major antivirus companies. Citing an ongoing law enforcement investigation and its own disclosure policies, AdvIntel did not reveal the names of the alleged victims.

The hackers, known as “Fxmsp,” are said to be offering to sell the stolen data—around 30 terabytes’ worth—for over $300,000. Gizmodo has not itself reviewed or verified any of the allegedly stolen documents.

Symantec, maker of Norton Antivirus software, confirmed that it was contacted last week by researchers at AdvIntel, who discovered that Symantec was on the list of alleged victims. Symantec told Gizmodo it is aware of the claim, but does not believe there’s reason for its customers to be concerned. “There is no indication that Symantec has been impacted by this incident,” the company said.

AdvIntel told Gizmodo it shared confidence in Symantec’s self-assessment. “Even though Fxmsp claimed that the company is in this victim list, they have not provided sufficient evidence to support this allegation,” it said.

Previously, AdvIntel said it believed Fxmsp was a “credible threat” and said the group had raked in close to $1 million already by selling off data stolen in “verifiable corporate breaches.”

Symantec initially denied having been contacted by AdvIntel when first reached by Gizmodo earlier on Monday. Yelisey Boguslavskiy, AdvIntel’s director of research, said he’d first reached out to Symantec on May 8 through a partner and then held two remediation calls with the company on May 9 and May 10.

Security software firm Trend Micro, meanwhile, told Gizmodo that data linked to one of its testing labs had been accessed without authorization. It labeled the incident as “low risk,” however, and said that neither customer data nor any of its source code had been improperly accessed or exfiltrated.

Boguslavskiy took issue with Trend Micro’s statement, saying it was “incorrect based on the portion of the data we have and the actor’s statement.”

Trend Micro said its investigation into the matter was still underway and that it was working closely with law enforcement, but that it wanted to “transparently share what we have learned.” The company said it would provide updates as the investigation moved forward.

A spokesperson for McAfee, the maker of McAfee VirusScan, would not immediately confirm whether the company had been contacted about a potential breach. The company is currently looking into the matter, the spokesperson said, adding: “We’ve taken necessary steps to monitor for and investigate it.”

Screenshots offered up as proof by Fxmsp appear to show stolen development documentation, an artificial intelligence model, and antivirus software base code, according to AdvIntel. Its researchers said they know the group to run in both Russian- and English-speaking circles online.

Got a tip? Email: dell@gizmodo.com

Update, 5/13: Updated with a statement from AdvIntel about its contact with Symantec and Trend Micro.

Update, 5/14: Added new statements and context from AdvIntel and Symantec.

About the author

Dell Cameron

Privacy, security, tech policy | Got a tip? Email: dell@gizmodo.com | Send me encrypted texts using Signal: (202)556-0846

PGP Fingerprint: A70D 517E FB9A 02C9 C56E 86D5 877E 64E7 10DF A8AE
OTR Fingerprint: 2374A8EA 6D2B7712 0D82D659 C0FE8253 A3F080FD