Russian hacking group Fxmsp attacked three US antivirus companies

On April 24, 2019, the hacker group Fxmsp claimed to have penetrated three anti-virus companies and extracted the source code of their anti-virus software, artificial intelligence and security plug-ins. Fxmsp is said to be a Russian- and English-speaking hacking group that targets sensitive databases and steals sensitive data from corporate and government entities. The group has been active since 2017 and is known for attacking global businesses and government networks.

According to the latest report from Advanced Intelligence, LLC, “Fxmsp stated they could provide exclusive information stolen from three top anti-virus companies located in the United States. They confirmed that they have exclusive source code related to the companies’ software development. They are offering to sell it, and network access, for over $300,000 USD.”

“Throughout 2017 and 2018, Fxmsp established a network of trusted proxy resellers to promote their breaches on the criminal underground. Some of the known Fxmsp TTPs included accessing network environments via externally available remote desktop protocol (RDP) servers and exposed active directory.”

According to screenshots provided by Fxmsp, the group holds 30 terabytes of data, all extracted from the anti-virus company's network, but it did not disclose the company's name. Experts say the folder contains information about the company's development documentation, artificial intelligence models, network security software, and anti-virus software base code. According to senior intelligence researchers, Fxmsp has a history of selling stolen data, which has brought them nearly $1 million in profits.

Source, Image: advanced-intel