Posted on May 10, 2019 at 3:01 PM
Fxmsp is selling the source code and network access of US Antivirus Software Companies!
Reports this week from Advanced Intelligence, the company focused on online threat research, reveal the latest ploy used by hackers. AdvIntel has expressed their concerns about hackers who are breaching the data of three major US Antivirus software companies and then selling the information! This group of hackers is apparently referring to themselves as Fxmsp.
Fxmsp have reportedly been selling the information back to the US companies for approximately $300,000. This isn’t the first time we have seen Fxmsp selling access from their breaches. They generally sell access to the breached networks of large corporations and organizations involved with the government. Their reputation rests on the theft of Active Directory servers and on hacking into Remote Desktop Protocol over an internet connection.
In recent months, Fxmsp has shifted to bragging about access to usernames and passwords. They claim to have developed a botnet for stealing credentials in order to target networks with high-value security. Fxmsp have boasted that their main objective has been to build this botnet and to keep developing its potential for stealing high-value information.
The group has been the subject of many reports, especially ones focusing on its sale of breach access, mainly to global entities, for a high price. In recent years, they have been held responsible for large network breaches and the sale of corporate networks such as the Marriott/Starwood breach in November 2018.
AdvIntel has claimed that the group’s profits may be close to $1 million. The group has been working to create its own network of sellers, which would be responsible for promoting and selling access to the networks it has breached. This web of resources, utilizing criminal markets, is only going to make Fxmsp’s profits soar. The director of research at Advanced Intelligence, Yelisey Boguslavskiy, has stated that they detected the group’s activities through “both Cyber Watch and the New York Cyber Task Force”, which they were then able to take to the FBI.
In March this year, the group claimed to have accessed the US Antivirus software organizations. AdvIntel were able to forewarn the companies and gave the information they had found to US law enforcement. The group has stated that their network of sellers will announce the sale of this secure data on forums after offering it through a private conversation with the organizations themselves.
AdvIntel’s researchers have reported online that the group has claimed it would be able to deliver private information taken from the best antivirus firms based in the US. The group offered to sell this information and access to the networks to the three companies for approximately $300,000. AdvIntel went on to state that the group has confirmed that it holds important code from each company’s software development. We can only begin to imagine the impact this will have on the three mentioned companies. The group has claimed they will be making a “public sale” of the access to the networks.
Further reports by AdvIntel have stated that the group has been able to take relevant source code for analytics for improvements to machines, plugins used for security on web browsers and code for antivirus agents. Researchers have also reported that the group has been assessing the efficiency of each company’s software.
At the beginning of this month, Boguslavskiy announced the group had faced a compromise in their plans due to a member of their team triggering their point of access whilst navigating through one of the companies’ client lists. They are currently trying to regain access to the network.
Due to this disruption, the group’s original plans for retailing the data have now changed. Boguslavskiy has stated that Fxmsp now plans to make further offers of the data privately. We expect to see proposals for the remaining organizations appearing near the end of this month across various forums.