On a recent report regarding Fxsmsp hacking group that has obtained the source code of these Anti-virus firms. The names of the victims remained undisclosed to the public due to the sensitive nature of the matter and because authorities had been alerted for this incident now, as the victims have released statements that either downplay, contradict the findings, or have decided to neither deny nor confirm the incident.
Investigative firm substantiated their claim and has collected information about the activity of Fxmsp and its sellers on underground forums and gathered instant messaging logs of the actor discussing their access and trove of data they were advertising to sell for up to $300,000.
Below is a conversation about source code files for various products from anti-virus companies Symantec, McAfee, and Trend Micro. The chat is between Fxmsp members: they also have the following evidence to support their findings and the release of the report:
(1) Full chat logs listing all the 3 identified anti-virus names (and more) breached as disclosed by the actor;
(2) Full video recording from the actor assets regarding their operation;
(3) Full source code samples from at least one of the Antivirus vendors breached as obtained from the actor;
The company also sent a screenshot showing the properties of a video file to support their findings.
According to the investigative firm, the video shows content from the hop server and transfer of gigabytes of data from the compromised anti-virus company, with file timestamps, actor commentary, source code, and walk through of the actual code.
Symantec believed that their customers does not need to feel concerned, researchers coincide with Symantec as Fxsmsp’s allegation might not be substantiated.
Trend Micro data associated to one of its testing labs have been accessed but the incident is low risk since its source code hasn’t been exfiltrated or even accessed and customer data is also safe.They vowed to conduct a thorough investigation of the matter in collaboration with law enforcement and will share the details transparently.
McAfee could not immediately confirm or deny that it has become a victim of a data breach, however they are investigating the issue. As per its spokesperson, they are taking necessary steps for monitoring the information and investigating a potential data breach.