Hacked AV companies named in ‘code for sale’ breach

Article by Bradley Barth, SC Media

McAfee, Symantec and Trend Micro are reportedly the anti-virus companies whose source code the cyber-criminal group Fxmsp claims to have stolen. Comments issued by the vendors minimised the threat, although Trend Micro did confirm that a breach had occurred.

Last week cyber-security firm Advanced Intelligence (AdvIntel) reported in a company blog post that Fxmsp was offering to sell the AV firms’ code for as much as US$300,000 (£230,000) via its dark web reseller network. AdvIntel Director of Security Research Yelisey Boguslavskiy told SC Media that the hacking collective had vaguely alluded to a fourth victimised company, but never mentioned it by name.

For security reasons, AdvIntel’s report withheld the identities of the affected vendors. But according to a 13 May BleepingComputer article, a review of the Fxmsp group’s chat logs revealed the names of the three AV companies. The vendors subsequently responded to the reports with their own official statements, which were printed in multiple reports.

Trend Micro’s statement acknowledged a third party’s breach of a “single testing lab network,” but asserted that only low-risk debugging-related information was exfiltrated, and nothing else. “We are nearing the end of our investigation and at this time we have seen no indication that any customer data nor source code were accessed or exfiltrated,” the statement says. “Immediate action was taken to quarantine the lab and additionally secure all corresponding environments. Due to the active nature of the investigation, we are not in a position to share any additional information, but we will provide an update when additional insights become available and can be disclosed.”

However, BleepingComputer reports that Boguslavskiy disputed Trend Micro’s statement, noting that he has evidence of actual stolen files that include terabytes of source code.

Symantec, distributor of Norton-branded AV products, said in a statement that it is “aware of recent claims that a number of US-based antivirus companies have been breached,” adding that “We have been in contact with researchers at AdvIntel, who confirmed that Symantec (Norton) has not been impacted. We do not believe there is reason for our customers to be concerned.”

Reportedly, AdvIntel has acknowledged in a follow-up statement that it agrees with Symantec’s threat risk assessment with “high confidence,” due to a lack of sufficient evidence that the hackers have obtained Norton source code. (Even the Fxmsp chat logs don’t mention Symantec, BleepingComputer notes.)

Meanwhile, McAfee sent SC Media the following statement: “McAfee has been conducting a thorough investigation into this group’s claims. To date, we’ve found no indication that McAfee products, services or networks have been impacted by the campaign described.”
