Antivirus Makers Confirm – And Deny – Getting Breached After Hackers Offer Stolen Data Online

Antivirus Makers Confirm – And Deny – Getting Breached After Hackers Offer Stolen Data Online
To sign up for our daily newsletter covering the latest news, features and reviews, head HERE. For a running feed of all our stories, follow us on Twitter HERE. Or you can bookmark the Gizmodo Australia homepage to visit whenever you need a news fix.

Symantec, the maker of Norton Antivirus software, denied on Monday having ever been contacted in connection with reports that three major antivirus companies have been compromised. “We have no indication that Symantec has been impacted and do not believe there is reason for our customers to be concerned,” the company said.

Security software firm Trend Micro, meanwhile, confirmed to Gizmodo that data linked to one of its testing labs had been accessed without authorization. It labelled the incident as “low risk” however, and said that neither customer data nor any source code had been accessed or exfiltrated.

A spokesperson for McAfee, the maker of McAfee VirusScan, did not immediately confirm whether the company had been contacted about a potential breach. It is, nevertheless, looking into the matter, it said.

Last week, Advanced Intelligence (AdvIntel), a New York-based threat-research firm, reported that a hacking group was attempting to sell internal documents and source code allegedly stolen from three major antivirus companies. The report did not disclose which U.S. companies might be affected. The hackers, known as “Fxmsp,” are said to be offering to sell the data — purportedly around 30 terabytes’ worth — for over $430,059.

Screenshots offered up as proof by Fxmsp appear to show stolen development documentation, an artificial intelligence model, and antivirus software base code, according to AdvIntel. Its researchers assessed the threat as highly credible, stating that Fxmsp, said to run in both Russian- and English-speaking circles, has already earned close to $1 million off verified corporate breaches.

Yelisey Boguslavskiy, AdvIntel’s director of research, confirmed last week that his company had been in contact with the potential victims, i.e., the antivirus software companies it believes may be infiltrated. The company said it made the decision not to disclose the victims due to an ongoing law enforcement investigation, in addition to its own internal policies.

On Monday, Symantec told Gizmodo that it was not among those contacted by AdvIntel.

“Symantec is aware of recent claims that a number of US-based antivirus companies have been breached,” the company said. “Researchers at AdvIntel, who released information on the breach to media, stated they had notified potential victim entities of the breach. At this time, Symantec has not been contacted by AdvIntel.”

Trend Micro said its investigation into the matter was still underway and that it was working “closely with law enforcement,” but that it wanted to “transparently share what we have learned.”

“At this moment, we are aware that unauthorised access had been made to a single testing lab network by a third party and some low-risk debugging related information was obtained,” Trend Micro said. “We are nearing the end of our investigation and at this time we have seen no indication that any customer data nor source code were accessed or exfiltrated. Immediate action was taken to quarantine the lab and additionally secure all corresponding environments.”

Trend Micro said it would provide additional updates as the investigation unfolds.

A McAfee spokesperson said the company was aware of the claim targeting the industry. “We’ve taken necessary steps to monitor for and investigate it,” they said.