Fxsmsp Threat Group, “a credible hacking collective” is offering to sell source code of major anti-virus software for a whopping $300,000.
The servers of three high-profile anti-virus firms have allegedly been compromised by a group of elite Russian hackers. The hacker group, known as Fxsmsp, claims to have stolen the companies’ software source code after infiltrating their internal networks.
The group is well-known on not only Russian but English speaking hacking forums and it is currently trying to sell the internal files and source code of the software for more than $300,000.
According to the report published by AdvIntel, the company that has been tracking the group’s activities from quite some time, the group is known for infiltrating networks that are supposed to be well-guarded. Moreover, the group has mainly targeted corporations that either store government information or other sensitive data.
Around two months back, AdvIntel noticed that after a break of around one and a half year Fxsmsp suddenly reappeared on mainstream hacking forums and within the past six months it attacked three major anti-virus companies. The operation was carried out discreetly until the hackers got hold of over 30 terabytes of data and afterward they posted screenshots of their successful attack.
In the screenshot, the source code, folders, and documents of the three targeted firms’ software can be seen. They are also claiming that they still can access the internal networks of the firms and will share details at no additional cost with the one who agrees to pay their asking amount for the source code and files.
“They have a long-standing reputation for selling sensitive information from high-profile global government and corporate entities,” AdvIntel said in their blog post.
It is worth noting that the situation is quite alarming and worrying for the three companies because the hackers can easily locate showstopping flaws using the source code and these flaws can be exploited as per their will. The software can be rendered useless or can be transformed into malware or an effective espionage tool.
AdvIntel reveals that recently Fxsmsp has developed an army of a credential-stealing botnet that can infect high-profile networks to obtain sensitive data such as usernames and passwords and that lately, the group has been focusing solely on compromising networks of antivirus firms.
According to the research director at AdvIntel, Yelisey Boguslavskiy:
“The actor claimed that antivirus breach research has been their main project over the last six months, which directly correlates with the six-month period during which they were silent on the underground forums where they normally post.”
Ars Technica reports that the victims have already been notified while AdvIntel claims that the victims haven’t been notified publicly. After reviewing the screenshots posted by the hackers, AdvIntel stated that the information seems to be related to the“development documentation, artificial intelligence model, web security software, and antivirus software base code” of the companies.