Hacker group breaches 3 antivirus companies

Advanced Intelligence, the threat-research company, recently published a report detailing a hacker group that successfully breached three U.S. antivirus companies.

According to the report, the group, who call themselves “Fxmsp,” are comprised of hackers communicating primarily in Russian and English. After accessing the antivirus companies’ systems, the hackers went on to provide evidence samples validating their control over the breaches.

Now Fxmsp is trying to sell the companies’ source code and their network access to those willing to pay.


The Hacker’s Plan to Sell the Breach Access

In total, the hackers are marketing access to the three antivirus software companies for $300,000.

The full data they acquired includes the full source code of the antivirus software, code for the companies’ machine learning analysis tools, and the code behind multiple security add-ons designed for web browsers.

When first discovered, Advanced Intelligence reported the antivirus breaches to the FBI and alerted its potential victims to the threat. Then in March, Fxmsp publicly expressed they had the capability to reveal exclusive information about three different leading antivirus companies. Later that month, the hackers also spoke to the threat-research company in a private conversation which confirmed their activity.

In that talk, Fxmsp expressed their plans of using proxy sellers to announce the actual breach-access sale over forums and to make offers via private messages. They also gave their impressions on the varying efficiencies and capabilities between the companies’ different kinds of antivirus software.

As to when the sales will actually happen, Fxmsp plans to offer access opportunities to certain companies sometime in May.

A Closer look at Fxmsp

This isn’t a first offense for Fxmsp, with them having earned a reputation from selling access to past company breaches. In fact, according to Advanced Intelligence researchers, the hackers have garnered nearly $1 million in profits throughout all their operations. Mostly, their targets consist of government organizations and massive internationally-spanning companies.

In past years, the group achieved most of their goals by exploiting active directory and remote desktop protocol servers that were connected to the internet. They also started focusing on building a proxy selling network to better navigate illicit markets.

But more recently, Fxmsp began claiming they’ve created a form of credential-stealing malware designed to target the usernames and passwords of heavily secure networks. This malware is what they continue to work on today, improving its abilities to better steal, and sell, valuable data locked behind online security.

To see the full report published by Advanced Intelligence, click here.

Facebook Comments