Alleged Compromise of 3 U.S. Antivirus Companies

Posting ID 119355
Date Added: 05/10/2019 7:56 PM EDT
Date Modified: 05/10/2019 7:56 PM EDT
E-ISAC Staff

Description

On May 9th, threat-research company Advanced Intelligence, LLC, published a report on threat actors “Fxmsp,” who claim to have breached three leading antivirus companies. According to the article, on April 24th Fxmsp extracted source code from antivirus software, artificial intelligence, and security plugins from those three companies. Fxmsp offered screenshots of the companies’ folders (30 TB), which appeared to contain information about their development documentation, artificial intelligence model, web security software, and antivirus software base code.

The article states that Fxmsp’s known TTPs include accessing network environments via remote desktop protocol servers and exposed Active Directory. The E-ISAC is unaware of matching activity found in the electricity sector.

More information can be found here.

Category Type:
Cyber Security
Source URL:
https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
TLP - White
Shared Count (23)
  • Advanced Portal Users Group
  • Canadian CERTs
  • CRISP - Cyber Risk Info Sharing Program
  • DHS - NICC, NCCIC, US-CERT, etc
  • DNG-ISAC
  • DNG-ISAC Portal
  • DOE Complex
  • E-ISAC Administrators
  • E-ISAC AOO Members
  • E-ISAC Staff
  • FBI, LE Fusion
  • FERC - OEIS, etc
  • FS-ISAC
  • International (other ISACs, CERTs)
  • Malware Submissions
  • MS-ISAC
  • ONG-ISAC
  • Other (inc. local/state commissions)
  • Portal Feedback
  • ThreatConnect Pilot Program
  • Trade Organizations
  • Watch Floor
  • WaterISAC
Change History
  • Admin, 07/29/2019