Shane Chambers

In the latest major security breach to rock the business world, three major US-based antivirus companies have been hit by Russian hacker group Fxmsp. Fxmsp, who are well known in the cyber security community for previous high-profile breaches, began advertising the spoils of their latest venture on the dark web for upwards of $300,000, while providing strong evidence of their claims.

Fxmsp is known for selling access to large, global corporate networks on the dark web.

Threat-research security firm Advanced Intelligence (AdvIntel) broke the news in a report published last week, stating that Fxmsp were attempting to sell both source code and network access belonging to three global antivirus companies, which were not named at the time.

The hacker collective had lain low for the past two years, but reappeared on online forums within the last few months, where AdvIntel and others began monitoring them closely. Fxmsp claimed online that their hacking operation against the AV companies had begun six months ago, and once the operation was complete (having downloaded more than 30TB of critical data in the process), they uploaded screenshots and samples to prove the legitimacy of the haul.

Assuming that the group are telling the truth, which looks likely, this is catastrophic news for the companies involved. If hackers and other nefarious actors gain access to the source code being sold by Fxmsp, they could potentially locate vulnerabilities that allow them to bypass antivirus on millions of computers worldwide, or even turn the AV software into malware – spying on user PCs and later leveraging their information to commit other cyber crimes such as identity theft and fraud.

After additional research on dark web forums, AdvIntel discovered conversations between Fxmsp and other actors claiming that the three antivirus companies hit were Symantec, McAfee and Trend Micro. AdvIntel claim to have full chat logs of the secret discussion held between Fxmsp and potential buyers, as well as samples of the source code allegedly stolen from the three companies listed.

All three companies have downplayed the incident in their public statements, in an attempt to preserve trust and maintain their reputations. If the claims are true, however, it is only a matter of time before there are dire consequences, with their customers potentially facing significant risk as well if their computers are opened up to hackers.