May 10, 2019 16:45:00

Three anti-virus companies hacked together to dump 30TB of data, hackers are recruiting buyers for $ 300,000

It turned out that one of Russia's largest hackers was stealing 30 TB worth of data from three US anti-virus companies. The hacker group is widely advertising the success of data theft, and is asking for buyers for $ 300,000 (approximately 33 million yen).

Top-Tier Russian Hacking Collective Claims Breaths of Three Major Anti-Virus Companies

https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies

Hackers breached 3 US antivirus companies, researchers reveal | Ars Technica
https://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/

The US security company Advanced Intelligence (AdvIntel) announces on its blog that the Russian hacker group 'Fxmsp' has obtained information that it has successfully hacked into three major US anti-virus companies. did. Although the name of the affected company has not been disclosed, AdvIntel has confirmed the confidential information leading to the identification of the specific company name, and it is clear that Fxmsp has succeeded in hacking.

The following image is a screenshot of the data that was actually released by AdvIntel and stolen by Fxmsp by hacking.

What has been stolen is development data, analysis data based on machine learning, source code of anti-virus software and security plug-in, etc., and the data totals 30 TB. After stealing the data, Fxmsp advertises the results on the underground forum in a large scale, and has even done the performance to score the performance of the anti-virus software that has been stolen. In addition, it seems that the stolen data and hacking method are combined and sold for $ 300,000 or more via an agent.

Fxmsp is a hacker group that has been confirmed to be active in the Russian and English-speaking hacker communities from around 2017. In April 2018, it hacked a luxury hotel chain and sold a way to break into the network, etc. was doing.

The following image is a map that summarizes the location of a hacked luxury hotel.

Also, according to the information obtained by AdvIntel from another Russian hacker group 'ShadowRunTeam', there is a rumor that Fxmsp's true identity is not a person called 'Andrey', a

social engineering expert who lives in Moscow. .

Fxmsp's approach is getting more and more sophisticated, and so far it has abused ' Remote Desktop Protocol (RDP)' and ' Active Directory (AD)', but this time it steals usernames and passwords. We are switching to a more promiscuous and hacking method using botnets .

AdvIntel warns that Fxmsp is a powerful hacker group that earns more than $ 1 million (about 110 million yen) even if it is known, and the hacking damage has already been made by the FBI. It was reported that the victim company was notified.