Other two companies allegedly involved in the data breach are Symantec and McAfee.
Now, Gizmodo has reported that Trend Micro is included in the list of the three compromised antivirus firms.
It is worth mentioning that Fxsmsp hacking group has obtained the source code of the software of these firms by attacking their internal networks and compromising their servers. The stolen data, which accounts for approx. 30 terabytes, is being sold at a staggering rate of $300,000.
Symantec is the firm behind the much favored Norton Antivirus software. The company told Gizmodo that it has learned about the claims about Symantec being one of the victims of Fxsmsp’s attack but it also believes that its customers don’t need to feel concerned. Symantec’s spokesperson told Gizmodo that:
“There is no indication that Symantec has been impacted by this incident.”
AdvIntel, the company responsible for tracking Fxsmsp’s attack, states that it believes Symantec’s version despite that Fxsmsp has claimed that Symantec is in its list of targets. The reason AdvIntel doesn’t believe in Fxsmsp’s claims is due to the lack of authentic evidence to support the allegation. However, AdvIntel still believes that Fxsmsp is a real threat and has been conducting “verifiable corporate breaches.”
On the other hand, Trend Micro told Gizmodo that the data associated to one of its testing labs have been accessed but the incident is low risk since its source code hasn’t been exfiltrated or even accessed and customer data is also safe.
AdvIntel claims that this is an incorrect assessment because of the large data size that has been stolen by Fxsmsp. Trend Micro has vowed to conduct a thorough investigation of the matter in collaboration with law enforcement and will share the details transparently.
McAfee is also supposedly part of the list of attacked antivirus firms but the company couldn’t immediately confirm or deny that it has become a victim of a data breach.
McAfee, the maker of VirusScan, is investigating the issue. As per its spokesperson, they are taking necessary steps for monitoring the information and investigating a potential data breach.