Hackers Claim To Have Breached 3 Major U.S. Antivirus Makers
Hackers have claim successfully breached three US-based antivirus firms and made off with some 30TB of data. US cybersecurity outfit Advanced Intelligence (AdvIntel) said in a blog post that a Russian and English-speaking hacking collective dubbed ‘Fxmsp’ spent the past six months trying to work its way into the unnamed antivirus firms’ networks and its announced success on 24 April.
The group, which has a long-standing reputation for selling sensitive information from high-profile global government and corporate entities, is flogging both source code and network access to the companies for $300,000 and is providing samples that show “strong evidence” of the validity of its claims.
Yelisey Boguslavskiy, director of research at AdvIntel, told Ars that his company notified “the potential victim entities” of the breach through partner organizations; it also provided the details to US law enforcement. In March, Fxmsp offered the data “through a private conversation,” Boguslavskiy said. “However, they claimed that their proxy sellers will announce the sale on forums.”
Fxmsp has a well-known reputation in the security community for selling access to breaches, focusing on large, global companies and government organizations. The group was singled out in a 2018 FireEye report on Internet crime for selling access to corporate networks worldwide, including a global breach of a luxury hotel group—potentially tied to the Marriott/Starwood breach revealed last November. AdvIntel’s researchers say the group has sold “verifiable corporate breaches,” pulling in profits approaching $1 million. Over the past two years, Fxmsp has worked to create a network of proxy resellers to promote and sell access to the group’s collection of breaches through criminal marketplaces.