Top-Tier Russian Hacking group Fxmsp claims hack of major AntiVirus Companies

The Russian hacking group Fxmsp is offering for sale access to the networks of at least three antivirus companies in the US, along with the source code of their software.

Fxmsp is a high-profile Russian- and English-speaking hacking group focused on breaching high-profile private corporate and government information.

The group is offering access to each company's network for $250,000 and is asking $150,000 for the software source code. Buyers can also acquire both for at least $300,000; the price depends on the antivirus company.

“AdvIntel subject matter experts assess with high confidence that Fxmsp is a credible hacking collective with a history of selling verifiable corporate breaches returning them profit close to $1,000,000 USD. AdvIntel alerted law enforcement regarding these claimed intrusions,” reported Advanced Intelligence.

Since March, Fxmsp has been announcing on cybercrime forums the availability of information stolen from major antivirus companies located in the U.S.

Between 2017 and 2018, Fxmsp created a network of trusted proxy resellers to promote their breaches on the criminal underground.

Fxmsp used to compromise the Active Directory of target organizations and ensure external access through Remote Desktop Protocol (RDP) connections.

Recently, the group has been claiming to have developed a credential-stealing botnet capable of infecting high-profile targets and exfiltrating sensitive data, including access credentials.

A few weeks later, Fxmsp confirmed that it had breached the networks of some security companies and had obtained long-term access.

They are offering 30 terabytes of data allegedly stolen from the networks of the hacked companies.

“The collective provided a list of specific indicators through which it is possible to identify the company even when a seller is not disclosing its name,” continues AdvIntel.

“The folders seem to contain information about the company’s development documentation, artificial intelligence model, web security software, and antivirus software base code.”

Fxmsp claimed that the hack of the antivirus companies’ networks has been their main project over the last six months and also during the other six months in which the hackers temporarily disappeared from cybercrime forums.

“Targeting antivirus companies appears to have been the primary goal of Fxmsp’s latest network intrusions,” continues the post. “The actor claimed that antivirus breach research has been their main project over the last six months, which directly correlates with the six-month period during which they were silent on the underground forums where they normally post. This period started with their seeming disappearance in October 2018 and concluded with their return in April 2019.”

Looking at the collective's past activities, on April 5, 2018, Fxmsp attempted to sell access to information for the network of a hotel chain with locations in Europe, Africa, and South America.

Who is behind Fxmsp?

According to “ShadowRunTeam,” another high-profile Russian threat actor, Fxmsp is reportedly a Russian national resident in Moscow with the first name “Andrey.” The man has been involved in cybercrime activities since mid-2000.

According to Advanced Intelligence experts, Fxmsp is a credible threat actor that has already earned roughly $1,000,000 USD by hacking corporate networks.

Pierluigi Paganini

(SecurityAffairs – antivirus companies, Fxmsp)
