The Russian hacking group Fxmsp is offering for sale access to the networks of at least three antivirus companies in the US, along with the source code of their software.

Fxmsp is a high-profile Russian- and English-speaking hacking group focused on stealing sensitive private corporate and government information.

The group is offering access to individual companies for $250,000 and is asking $150,000 for the source code of the software. Buyers can also acquire both for at least $300,000; the exact price depends on the antivirus company.

“AdvIntel subject matter experts assess with high confidence that Fxmsp is a credible hacking collective with a history of selling verifiable corporate breaches returning them profit close to $1,000,000 USD. AdvIntel alerted law enforcement regarding these claimed intrusions,” reported Advanced Intelligence.

Since March, Fxmsp has been announcing on cybercrime forums the availability of information stolen from major antivirus companies located in the U.S.

Between 2017 and 2018, Fxmsp created a network of trusted proxy resellers to promote their breaches on the criminal underground.

Fxmsp typically compromises the Active Directory of target organizations and then secures persistent external access through Remote Desktop Protocol (RDP) connections.

Recently, the group has claimed to have developed a credential-stealing botnet capable of infecting high-profile targets and exfiltrating sensitive data, including access credentials.

A few weeks later, Fxmsp confirmed that it had breached the networks of several security companies and obtained long-term access.

They are offering 30 terabytes of data allegedly stolen from the networks of the hacked companies.

“The collective provided a list of specific indicators through which it is possible to identify the company even when a seller is not disclosing its name,” continues AdvIntel.

“The folders seem to contain information about the company’s development documentation, artificial intelligence model, web security software, and antivirus software base code.”

Fxmsp claimed that breaching antivirus companies’ networks has been its main project over the last six months, a period that coincides with the six months during which the hackers temporarily disappeared from cybercrime forums.

“Targeting antivirus companies appears to have been the primary goal of Fxmsp’s latest network intrusions,” continues the post. “The actor claimed that antivirus breach research has been their main project over the last six months, which directly correlates with the six-month period during which they were silent on the underground forums where they normally post. This period started with their seeming disappearance in October 2018 and concluded with their return in April 2019.”

Looking at the collective’s past activities, on April 5, 2018, Fxmsp attempted to sell access to the network of a hotel chain with locations in Europe, Africa, and South America.

Who is behind Fxmsp?

According to “ShadowRunTeam,” another high-profile Russian threat actor, Fxmsp is reportedly a Russian national living in Moscow whose first name is “Andrey.” The man has been involved in cybercrime activities since mid-2000.

According to Advanced Intelligence experts, Fxmsp is a credible threat actor that has already earned roughly $1,000,000 USD by hacking corporate networks.

Pierluigi Paganini

(SecurityAffairs – antivirus companies, Fxmsp)
