In a report published yesterday, researchers revealed that a collective of Russian and English-speaking hackers is actively marketing the spoils of data breaches at three US-based antivirus software vendors. The collective, calling itself “Fxmsp,” is selling both source code and network access to the companies for $300,000 and is providing samples that show strong evidence of the validity of its claims.
This offer was for each individual company and it is not a set price. It could go as high as $1 million for one access. A definitive offer is still being discussed with intermediaries. According to the AdvIntel report, Fxmsp had managed to steal source code that included code for antivirus agents, analytic code based on machine learning, and “security plug-ins” for Web browsers. “Fxmsp also commented on the capabilities of the different companies’ software and assessed their efficiency,” the researchers wrote.
Expert Comments:
Tim Mackey, Principal Security Strategist at Synopsys CyRC (Cybersecurity Research Center):
“In situations like this, it’s only natural for consumers to want to know if they are at risk, or even under attack. Since we don’t yet know when the potential breach occurred, there is no means to say an older version of any product is free from tampering. We can have confidence that any impacted vendors are working with law enforcement, and that any damage will be contained. In the interim, we should confirm that our anti-malware solutions have the digital signatures on them from our actual vendor. The process to do this varies by operating system, but can be easily performed by an end user. In the event of a discrepancy, contact the vendor and seek guidance from them.”