McAfee, Symantec and Trend Micro are reportedly the anti-virus companies whose source code the cybercriminal group Fxmsp claims to have stolen. Comments issued by the vendors minimized the threat, although Trend Micro did confirm that a breach had occurred.
Last week cybersecurity firm Advanced Intelligence (AdvIntel) reported in a company blog post that Fxmsp was offering to sell the AV firms’ code for as much as $300,000 via its dark web reseller network. AdvIntel Director of Security Research Yelisey Boguslavskiy told SC Media that the hacking collective had vaguely alluded to a fourth victimized company, but never mentioned it by name.
For security reasons, AdvIntel’s report withheld the identities of the affected vendors. But according to a May 13 BleepingComputer article, a review of the Fxmsp group’s chat logs revealed the names of the three AV companies. The vendors subsequently responded to the reports with their own official statements, which were printed in multiple reports.
Trend Micro’s statement acknowledged an authorized third party’s breach of a “single testing lab network,” but asserted that only low-risk debugging-related information was exfiltrated, and nothing else. “We are nearing the end of our investigation and at this time we have seen no indication that any customer data nor source code were accessed or exfiltrated,” the statement says. “Immediate action was taken to quarantine the lab and additionally secure all corresponding environments. Due to the active nature of the investigation, we are not in a position to share any additional information, but we will provide an update when additional insights become available and can be disclosed.”
However, BleepingComputer reports that Boguslavskiy disputed Trend Micro’s statement, noting that he has evidence of actual stolen files that include terabytes of source code.
Symantec, distributor of Norton-braned AV products, said in a statement that it is “aware of recent claims that a number of U.S.-based antivirus companies have been breached,” adding that “We have been in contact with researchers at AdvIntel, who confirmed that Symantec (Norton) has not been impacted. We do not believe there is reason for our customers to be concerned.”
Reportedly, AdvIntel has acknowledged in a follow-up statement that it agrees with Symantec’s threat risk assessment with “high confidence,” due to a lack of sufficient evidence that the hackers have obtained Norton source code. (Even the Fxmap chat logs don’t mention Symantec, BleepingComputer notes.)
Meanwhile, McAfee sent SC Media the following statement: “McAfee has been conducting a thorough investigation into this group’s claims. To date, we’ve found no indication that McAfee products, services or networks have been impacted by the campaign described.”