Top Antivirus Companies Hacked by a 'Credible Threat' Demanding a Measly $300 Grand, Security Firm Says

AdvIntel research revealed sophisticated method of operation behind Fxmsp.
Screenshot: AdvIntel

A hacking group, said to operate in both English- and Russian-speaking circles online, has offered to sell internal documents and code allegedly stolen from the servers of three major anti-virus companies.

A hacking collective called “Fxmsp” claimed responsibility for compromising the internal networks of the three companies, according to a report Thursday by the threat-research firm AdvIntel. The group is reportedly offering to sell the stolen materials for over $300,000.


Fxmsp is a “credible threat” that has raked in close to $1 million by selling off data stolen in “verifiable corporate breaches,” AdvIntel researchers have assessed with high confidence. “They have a long-standing reputation for selling sensitive information from high-profile global government and corporate entities,” the company said in a report.

Ars Technica reported that the potential victims have been notified. AdvIntel, which first alerted law enforcement to the alleged intrusions, has not identified the victims publicly.

Alleged stolen source code stored in the debug information provided in a screenshot by Fxmsp.
Screenshot: AdvIntel

The company said it had reviewed screenshots of folders purportedly containing up to 30 terabytes of stolen data. The information, it said, appeared relevant to the companies’ “development documentation, artificial intelligence model, web security software, and antivirus software base code.”


AdvIntel did not immediately respond to a request for comment.

“Most recently, the actor [Fxmsp] claimed to have developed a credential-stealing botnet capable of infecting high-profile targets in order to exfiltrate sensitive usernames and passwords,” the company reported. Profiting from data theft has long been Fxmsp’s stated goal, it said.


More recently, the group, which researchers say appears to be Russian, has shifted its focus almost entirely to infiltrating antivirus companies.

“The actor claimed that antivirus breach research has been their main project over the last six months,” AdvIntel wrote, “which directly correlates with the six-month period during which they were silent on the underground forums where they normally post.”


Yelisey Boguslavskiy, director of research at AdvIntel, told Ars that Fxmsp’s proxy would announce the sale of the companies’ stolen data soon “on forums.”


About the author

Dell Cameron
