Hacked AV companies named in 'code for sale' breach

News by Bradley Barth

McAfee, Symantec and Trend Micro are reportedly the anti-virus companies whose source code the cyber-criminal group Fxmsp claims to have stolen. Comments issued by the vendors minimised the threat, although Trend Micro did confirm that a breach had occurred.

Last week cyber-security firm Advanced Intelligence (AdvIntel) reported in a company blog post that Fxmsp was offering to sell the AV firms’ code for as much as US$300,000 (£230,000) via its dark web reseller network. AdvIntel Director of Security Research Yelisey Boguslavskiy told SC Media that the hacking collective had vaguely alluded to a fourth victimised company, but never mentioned it by name.

For security reasons, AdvIntel’s report withheld the identities of the affected vendors. But according to a 13 May BleepingComputer article, a review of the Fxmsp group’s chat logs revealed the names of the three AV companies. The vendors subsequently responded to the reports with their own official statements, which were printed in multiple reports.

Trend Micro’s statement acknowledged a third party’s breach of a "single testing lab network," but asserted that the only information exfiltrated was low-risk debugging-related data. "We are nearing the end of our investigation and at this time we have seen no indication that any customer data nor source code were accessed or exfiltrated," the statement says. "Immediate action was taken to quarantine the lab and additionally secure all corresponding environments. Due to the active nature of the investigation, we are not in a position to share any additional information, but we will provide an update when additional insights become available and can be disclosed."

However, BleepingComputer reports that Boguslavskiy disputed Trend Micro’s statement, noting that he has evidence of actual stolen files that include terabytes of source code.

Symantec, distributor of Norton-branded AV products, said in a statement that it is "aware of recent claims that a number of US-based antivirus companies have been breached," adding that "We have been in contact with researchers at AdvIntel, who confirmed that Symantec (Norton) has not been impacted. We do not believe there is reason for our customers to be concerned."

Reportedly, AdvIntel has acknowledged in a follow-up statement that it agrees with Symantec’s threat risk assessment with "high confidence," due to a lack of sufficient evidence that the hackers have obtained Norton source code. (Even the Fxmsp chat logs don’t mention Symantec, BleepingComputer notes.)

Meanwhile, McAfee sent SC Media the following statement: "McAfee has been conducting a thorough investigation into this group’s claims. To date, we’ve found no indication that McAfee products, services or networks have been impacted by the campaign described."

This article was originally published on SC Media US.
