Posted May 10, 2019

Update: https://www.bleepingcomputer.com/news/security/fxmsp-chat-logs-reveal-the-hacked-antivirus-vendors-avs-respond/

Quote
BleepingComputer has obtained exclusive unredacted evidence from fraud prevention company AdvIntel showing communication from the Fxmsp hacker collective naming three of the victims. Below is a conversation about source code files for various products from antivirus companies Symantec, McAfee, and Trend Micro. The chat is between Fxmsp members:

Quote
"Symantec is aware of recent claims that a number of US-based antivirus companies have been breached. We have been in contact with researchers at AdvIntel, who confirmed that Symantec (Norton) has not been impacted. We do not believe there is reason for our customers to be concerned."

Quote
"We have an active investigation underway related to recent claims, and while it is not complete, we want to transparently share what we have learned. Working closely with law enforcement, our global threat research and forensic teams are leading this investigation. At this moment, we are aware that unauthorized access had been made to a single testing lab network by a third party and some low-risk debugging related information was obtained. We are nearing the end of our investigation and at this time we have seen no indication that any customer data nor source code were accessed or exfiltrated. Immediate action was taken to quarantine the lab and additionally secure all corresponding environments. Due to the active nature of the investigation, we are not in a position to share any additional information, but we will provide an update when additional insights become available and can be disclosed." - Trend Micro spokesperson

Quote
"McAfee is aware of this threat claim targeting the industry. We’ve taken necessary steps to monitor for and investigate it."

Source: AdvIntel, Ars Technica, BleepingComputer

Summary: A group by the name of FXMSP has breached 3 US antivirus companies and is selling access and source code for $300,000.

Quotes/Excerpts:

Quote
A report published Thursday, researchers at the threat-research company Advanced Intelligence (AdvIntel) revealed that a collective of...hackers are actively marketing the spoils of data breaches at three US-based antivirus software vendors. The collective, calling itself “Fxmsp,” is selling both source code and network access to the companies for $300,000 and is providing samples that show strong evidence of the validity of its claims.

AdvIntel, told Ars that his company notified “the potential victim entities” of the breach through partner organizations; it also provided the details to US law enforcement.

Fxmsp has a well-known reputation in the security community for selling access to breaches, focusing on large, global companies and government organizations. The group was singled out in a 2018 FireEye report on Internet crime. The group has sold “verifiable corporate breaches,” pulling in profits approaching $1 million. Over the past two years, Fxmsp has worked to create a network of proxy resellers to promote and sell access to the group’s collection of breaches through criminal marketplaces.

In March, the group “stated they could provide exclusive information stolen from three top antivirus companies located in the United States,” AdvIntel’s researchers reported in a blog post going live today. “They confirmed that they have exclusive source code related to the companies' software development.” And the group offered privately to sell the source code and network access to all three companies. Fxmsp had managed to steal source code that included code for antivirus agents, analytic code based on machine learning, and “security plug-ins” for Web browsers.

In the past, Fxmsp’s breaches have typically focused on exploiting Internet-connected remote desktop protocol (RDP) and Active Directory servers. But more recently, the group has claimed to have developed a credential-stealing botnet.

My Thoughts: I'm sure within the next couple of months either the companies affected by this will disclose the breach or a significant amount of coding changes for certain AVs will give away who was hit. Regardless, it's definitely not fun to hear that the companies that you're using to protect yourself have been breached. When it comes down to it, it's more than likely that this was caused by human error, such as password reuse or phishing, as I'd hope these companies have strict security practices.

PLEASE QUOTE ME IF YOU ARE REPLYING TO ME
Desktop Build: Ryzen 7 2700X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 48GB Corsair DDR4 @ 3000MHz, RX5700 XT 8GB Sapphire Nitro+, Benq XL2730 1440p 144Hz FS
Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor
Posted May 10, 2019

Quote
The collective, calling itself “Fxmsp,”

What is it with hacking groups these days? Can't they get good names? (PS, I'm only joking. Please don't hack me... I think your name is fine... please don't hack me. You're l33t cool, and I'm not.)
Posted May 10, 2019

They're holding the name for ransom, so I'm going to guess the three products... McAfee Total Protection, McAfee Virus Service and McAfee LiveSafe
Posted May 10, 2019

Anyone else read "AdvIntel" and think to themselves Intel and AMD are playing a tennis match, or is my brain just broken? I wonder if this means anything for consumers using these companies for their antivirus, or if it's just internal company code/access.

"Put as much effort into your question as you'd expect someone to give in an answer" - @Princess Luna
Make sure to Quote posts or tag the person with @[username] so they know you responded to them!
RGB Build Post 2019 --- Rainbow 2020 --- Velka 5 V2.0 Build 2021 Purple Build Post --- Blue Build Post --- Blue Build Post 2018 --- Project ITNOS
CPU i7-4790k Motherboard Gigabyte Z97N-WIFI RAM G.Skill Sniper DDR3 1866mhz GPU EVGA GTX1080Ti FTW3 Case Corsair 380T Storage Samsung EVO 250GB, Samsung EVO 1TB, WD Black 3TB, WD Black 5TB PSU Corsair CX750M Cooling Cryorig H7 with NF-A12x25
Posted May 10, 2019

I bought Bitdefender like a few hours ago......... but I guess that wouldn't be considered a US company? Could be one of them though.

Quote or Tag people so they know that you've replied.
Posted May 10, 2019

1 minute ago, _Syn_ said:
I bought Bitdefender like a few hours ago......... but I guess that wouldn't be considered a US company? could be one of them though

BitDefender is Polish I think.

M.S.C.E. (M.Sc. Computer Engineering), IT specialist in a hospital, 30+ years of gaming, 20+ years of computer enthusiasm, Geek, Trekkie, anime fan
Main PC: AMD Ryzen 7 5800X3D - EK AIO 360 D-RGB - Arctic Cooling MX-4 - Asus Prime X570-P - 4x8GB DDR4 3200 HyperX Fury CL16 - Sapphire AMD Radeon 6950XT Nitro+ - 1TB Kingston Fury Renegade - 2TB Kingston Fury Renegade - 512GB ADATA SU800 - 960GB Kingston A400 - Seasonic PX-850 850W - custom black ATX and EPS cables - Fractal Design Define R5 Blackout - Windows 11 x64 23H2 - 3 Arctic Cooling P14 PWM PST - 5 Arctic Cooling P12 PWM PST
Peripherals: LG 32GK650F - Dell P2319h - Logitech G Pro X Superlight with Tiger Ice - HyperX Alloy Origins Core (TKL) - EndGame Gear MPC890 - Genius HF 1250B - Akliam PD4 - Sennheiser HD 560s - Simgot EM6L - Truthear Zero - QKZ x HBB - 7Hz Salnotes Zero - Logitech C270 - Behringer PS400 - BM700 - Colormunki Smile - Speedlink Torid - Jysk Stenderup - LG 24x External DVD writer - Konig smart card reader
Laptop: Acer E5–575G-386R 15.6" 1080p (i3 6100U + 12GB DDR4 (4GB+8GB) + GeForce 940MX + 256GB nVME) Win 10 Pro x64 22H2 - Logitech G305 + AAA Lithium battery
Networking: Asus TUF Gaming AX6000 - Arcadyan ISP router - 35/5 Mbps vDSL
TV and gadgets: TCL 50EP680 50" 4K LED + Sharp HT-SB100 75W RMS soundbar - Samsung Galaxy Tab A8 10.1" - OnePlus 9 256GB - Olympus Camedia C-160 - GameBoy Color
Streaming/Server/Storage PC: AMD Ryzen 5 3600 - LC-Power LC-CC-120 - MSI B450 Tomahawk Max - 2x4GB ADATA 2666 DDR4 - 120GB Kingston V300 - Toshiba DT01ACA100 1TB - Toshiba DT01ACA200 2TB - 2x WD Green 2TB - Sapphire Pulse AMD Radeon R9 380X - 550W EVGA G3 SuperNova - Chieftec Giga DF-01B - White Shark Spartan X keyboard - Roccat Kone Pure Military Desert strike - Logitech S-220 - Philips 226L
Livingroom PC (dad uses): AMD FX 8300 - Arctic Freezer 64 - Asus M5A97 R2.0 Evo - 2x4GB DDR3 1833 Kingston - MSI Radeon HD 7770 1GB OC - 120GB Adata SSD - 500W Fractal Design Essence - DVD-RW - Samsung SM 2253BW - Logitech G710+ - wireless vertical mouse - MS 2.0 speakers
Posted May 10, 2019

Just now, 191x7 said:
BitDefender is Polish I think.

Romanian, but who knows what they meant.

Quote or Tag people so they know that you've replied.
Posted May 10, 2019

13 minutes ago, valdyrgramr said:
Malwarebytes is American. But that's at least anti-malware.

All antiviruses are anti-malware. Not a single antivirus only detects just viruses in the right meaning of the word (parasitic file infectors).
Posted May 10, 2019

There was a joke?
Posted May 10, 2019

21 minutes ago, valdyrgramr said:
Will a spork do?

No but a fpoon might.

The ability to google properly is a skill of its own.
Posted May 10, 2019

44 minutes ago, valdyrgramr said:
Malwarebytes is American. But that's at least anti-malware.

I honestly don't get the joke, can you explain it?
Posted May 10, 2019

8 minutes ago, valdyrgramr said:
People get bitchy when you call Malwarebyes an anti-virus program.

Oh, now I feel dumb.
Posted May 10, 2019

1 hour ago, valdyrgramr said:
People get bitchy when you call Malwarebyes an anti-virus program.

That's supposed to be a joke? O_o It's an antivirus. Or antimalware. It's the same shit. 30 to almost 40 years ago antiviruses detected only viruses and the name stuck since there wasn't anything else. As time passed, all antiviruses eventually evolved into antimalware apps since they had to protect users from other "malware", which is a cover word for any kind of malicious software. Not to mention file infectors are actually very rare these days. I'm floating more in this field and I don't really see people bitching about it, which is why I didn't even see it as a joke of any kind...
Posted May 10, 2019

3 hours ago, TVwazhere said:
Anyone else read "AdvIntel" and think to themselves Intel and AMD are playing a tennis match, or is my brain just broken?

Take a nap and come back tomorrow lol

CPU: Intel i7 7700K | GPU: ROG Strix GTX 1080Ti | PSU: Seasonic X-1250 (faulty) | Memory: Corsair Vengeance RGB 3200Mhz 16GB | OS Drive: Western Digital Black NVMe 250GB | Game Drive(s): Samsung 970 Evo 500GB, Hitachi 7K3000 3TB 3.5" | Motherboard: Gigabyte Z270x Gaming 7 | Case: Fractal Design Define S (No Window and modded front Panel) | Monitor(s): Dell S2716DG G-Sync 144Hz, Acer R240HY 60Hz (Dead) | Keyboard: G.SKILL RIPJAWS KM780R MX | Mouse: Steelseries Sensei 310 (Striked out parts are sold or dead, awaiting zen2 parts)
Posted May 10, 2019

It would have been nice if someone had told us what the three, and possibly fourth, AV companies were.

Jeannie
As long as anyone is oppressed, no one will be safe and free. One has to be proactive, not reactive, to ensure the safety of one's data so backup your data! And RAID is NOT a backup!
Posted May 10, 2019

The only US companies I can think of are Symantec, McAfee, and Malwarebytes.

"If a Lobster is a fish because it moves by jumping, then a kangaroo is a bird" - Admiral Paulo de Castro Moreira da Silva
"There is nothing more difficult than fixing something that isn't all the way broken yet." - Author Unknown
Intel Core i7-3960X @ 4.6 GHz - Asus P9X79WS/IPMI - 12GB DDR3-1600 quad-channel - EVGA GTX 1080ti SC - Fractal Design Define R5 - 500GB Crucial MX200 - NH-D15 - Logitech G710+ - Mionix Naos 7000 - Sennheiser PC350 w/Topping VX-1
Posted May 10, 2019

Good thing I don’t use one I guess. First one that comes to mind is PC Matic. Their commercials are hilarious.
Posted May 10, 2019

good thing i use kaspersky
Posted May 10, 2019

So which A/V's were breached?
Posted May 10, 2019

Just now, TempestCatto said:
So which A/V's were breached?

Top ones. None named as of yet.

A society's accepted views of the world surrounding said society is both the making and undoing of society itself.
“While one person hesitates because he feels inferior, the other is busy making mistakes and becoming superior.” - Henry C. Link
Posted May 10, 2019

7 hours ago, valdyrgramr said:
Malwarebyes an anti-virus program.

DID... YOU... JUST... CALL... MALWARE... BITES... AN ANTIVIRUS PROGRAM...

FNIGE
Posted May 10, 2019

Just now, valdyrgramr said:
Yes because Washu is the greatest!

Why are his sisters on his shoulders?

FNIGE
Posted May 10, 2019

What comes to my mind: Symantec, McAfee, Microsoft, Malwarebytes

Tbh this is not the first time this kind of attack happened. Remember in 2012, Symantec’s network got hacked twice in the same year? [source][source]

Let’s not forget the Duqu 2.0 attack in 2012 where, allegedly, English-speaking state-sponsored hackers infiltrated Kaspersky’s network to steal their code but were stopped when they were beta testing their enterprise product. [here]

There is more that meets the eye
I see the soul that is inside
Posted May 10, 2019

2 hours ago, captain_to_fire said:
What comes to my mind: Symantec, McAfee, Microsoft, Malwarebytes

Also Comodo is American.
Posted May 11, 2019

Guess I got lucky using Slovakian antiviruses (ESET NOD32).

Specs:
Motherboard: Asus X470-PLUS TUF gaming (Yes I know it's poor but I wasn't informed)
RAM: Corsair VENGEANCE® LPX DDR4 3200Mhz CL16-18-18-36 2x8GB
CPU: Ryzen 9 5900X
Case: Antec P8
PSU: Corsair RM850x
Cooler: Antec K240 with two Noctua Industrial PPC 3000 PWM
Drives: Samsung 970 EVO plus 250GB, Micron 1100 2TB, Seagate ST4000DM000/1F2168
GPU: EVGA RTX 2080 ti Black edition