A high-profile Russian- and English-speaking hacking collective called "Fxmsp" claims that they could provide exclusive information stolen from three top anti-virus companies located in the United States.
The hackers confirmed that they have exclusive source code related to the companies' software development. They are offering to sell it, and network access, for over $300,000 USD.
Throughout 2017 and 2018, Fxmsp established a network of trusted proxy resellers to promote their breaches on the criminal underground. Some of the known Fxmsp TTPs included accessing network environments via externally available remote desktop protocol (RDP) servers and exposed active directory.
Most recently, the actor claimed to have developed a credential-stealing botnet capable of infecting high-profile targets in order to exfiltrate sensitive usernames and passwords. Fxmsp has claimed that developing this botnet and improving its capabilities for stealing information from secured systems is their main goal.
On April 24, 2019, Fxmsp claimed to have secured access to three leading antivirus companies. According to the hacking collective, they worked for the first quarter of 2019 to breach these companies and finally succeeded and obtained access to the companies’ internal networks.
The collective extracted sensitive source code from antivirus software, AI, and securirty plugins belonging to the the companies. Fxmsp also commented on the capabilities of the different companies’ software and assessed their efficiency.
The collective provided a list of specific indicators through which it is possible to identify the company even when a seller is not disclosing its name. Fxmsp offered screenshots of folders purported to contain 30 terabytes of data, which they allegedly extracted from these networks.
According to AdvIntel, the security firm that reported the activity of the hackers, Fxmsp is a credible hacking collective that has a history of selling verifiable corporate breaches returning them profit close to $1,000,000 USD.
AdvIntel says that it has alerted US law enforcement regarding the purported intrusions.