Hackers claim to be selling data from 3 major antivirus companies
Alleged chat logs say Symantec, McAfee, and Trend Micro are affected.
A cybersecurity research firm reported last week that a hacking group was claiming online that it had access to data from the networks of three major antivirus companies. Now, purported chat logs from that group, known as “Fxmsp,” reveal the names of those companies for the first time.
The original report, published last Thursday by AdvIntel, stated that Fxmsp was selling the data it allegedly stole from those companies, including documents and source code, for several hundred thousand dollars.
The hacking collective, which frequents both English and Russian forums, has reportedly earned close to $1 million through selling data pilfered in “verifiable corporate breaches.”
“They have a long-standing reputation for selling sensitive information from high-profile global government and corporate entities,” AdvIntel reported.
Alleged chat logs from Fxmsp given to BleepingComputer by AdvIntel revealed those companies to be Symantec, McAfee, and Trend Micro.
“Fxmsp talked about getting into the network of Trend Micro and stealing source code from the company, all without triggering detection,” BleepingComputer reported Tuesday.
The hacking collective was also reportedly “convinced that no one was watching them roaming inside the network of antivirus companies.”
Although AdvIntel stated last week that it had contacted the three antivirus companies to warn them of the hackers’ claims, Symantec denied ever being alerted in statements to the media.
Symantec appeared to change its story, though, after the chat log story was published. In a statement to BleepingComputer, Symantec confirmed that it had been contacted by AdvIntel.
“Symantec is aware of recent claims that a number of US-based antivirus companies have been breached,” Symantec said. “We have been in contact with researchers at AdvIntel, who confirmed that Symantec (Norton) has not been impacted. We do not believe there is reason for our customers to be concerned.”
AdvIntel concluded that Symantec’s statement was fair given that more evidence was needed to prove it had been compromised. Trend Micro, however, did appear to have data stolen and released a statement in response.
The statement asserted that “an active investigation” was underway involving law enforcement and Trend Micro’s global threat research and forensic teams.
“At this moment, we are aware that unauthorized access had been made to a single testing lab network by a third party and some low-risk debugging related information was obtained,” a Trend Micro spokesperson said. “We are nearing the end of our investigation and at this time we have seen no indication that any customer data nor source code were accessed or exfiltrated.”
Yelisey Boguslavskiy, director of security research at AdvIntel, says Trend Micro’s denial is provably false.
“As for Trend Micro report regarding source codes, we can provide evidence of the actual files taken (more than 100 MB of the sym files) that the actor had access with over 30TB of source code and everything from Trend Micro,” Boguslavskiy told BleepingComputer.
McAfee, the last company reportedly targeted, released a vague statement providing little detail on whether it agreed with AdvIntel’s assessment.
“McAfee is aware of this threat claim targeting the industry,” the company told BleepingComputer. “We’ve taken necessary steps to monitor for and investigate it.”
Fxmsp is currently offering to sell both access information and source code, depending on the antivirus company, for up to $300,000.
Correction: A previous version of this story misattributed a Trend Micro quote (and a response to it) to Symantec.
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.