Hackers breached 3 US antivirus companies, researchers reveal

by Sean Gallagher, from Ars Technica
An infographic from Advanced Intelligence showing the hacking group Fxmsp's breach-selling business model. (credit: AdvIntel)

In a report published Thursday, researchers at the threat-research company Advanced Intelligence (AdvIntel) revealed that a collective of Russian- and English-speaking hackers is actively marketing the spoils of data breaches at three US-based antivirus software vendors. The collective, calling itself "Fxmsp," is selling both source code and network access to the companies for $300,000 and is providing samples that show strong evidence of the validity of its claims.

Yelisey Boguslavskiy, director of research at AdvIntel, told Ars that his company notified "the potential victim entities" of the breach through partner organizations; it also provided the details to US law enforcement. In March, Fxmsp offered the data "through a private conversation," Boguslavskiy said. "However, they claimed that their proxy sellers will announce the sale on forums."

Fxmsp has a well-known reputation in the security community for selling access to breaches, focusing on large, global companies and government organizations. The group was singled out in a 2018 FireEye report on Internet crime for selling access to corporate networks worldwide, including a global breach of a luxury hotel group, potentially tied to the Marriott/Starwood breach revealed last November. AdvIntel's researchers say the group has sold "verifiable corporate breaches," pulling in profits approaching $1 million. Over the past two years, Fxmsp has worked to create a network of proxy resellers to promote and sell access to the group's collection of breaches through criminal marketplaces.
