A hacking group, said to run in both English- and Russian-speaking circles online, have offered to sell internal documents and code allegedly stolen from the servers of three major anti-virus companies.
A hacking collective called “Fxsmsp” claimed responsibility for compromising the internal networks of the three companies, according to a report Thursday by the thread-research firm AdvIntel. The group is reportedly offering to sell materials it stole for over $430,062.
Fxsmsp is a “credible threat” that has raked in close to $1 million by selling off data stolen in “verifiable corporate breaches,” AdvIntel researchers have assessed with high confidence. “They have a long-standing reputation for selling sensitive information from high-profile global government and corporate entities,” the company said in a report.
Ars Technica reported that the potential victims have been notified. AdvIntel, which first alerted law enforcement to the alleged intrusions, has not identified the victims publicly.
The company said it had reviewed screenshots of folders purportedly containing up to 30 terabytes of stolen data. The information, it said, appeared relevant to the companies’ “development documentation, artificial intelligence model, web security software, and antivirus software base code.”
AdvIntel did not immediately respond to a request for comment.
“Most recently, the actor [Fxsmsp] claimed to have developed a credential-stealing botnet capable of infecting high-profile targets in order to exfiltrate sensitive usernames and passwords,” the company reported. Profiting from data theft has long been Fxmsp’s stated goal, it said.
More recently, the group, whom researchers say appears to be Russian, has shifted its focus almost entirely to infiltrating antivirus companies.
“The actor claimed that antivirus breach research has been their main project over the last six months,” AdvIntel wrote, “which directly correlates with the six-month period during which they were silent on the underground forums where they normally post.”
Yelisey Boguslavskiy, director of research at AdvIntel, told Ars that Fxmsp’s proxy would announce the sale of the companies’ stolen data soon “on forums.”