Top-Tier Russian Hacking Collective Claims Breaches of Three Major Anti-Virus Companies (May 9, 2019)
A Russian hacking collective named “Fxmsp” has claimed responsibility for breaching three anti-virus companies. The intrusion reportedly extracted source code, development documents, software base code, and security plugins from the companies, apparently totaling 30 terabytes of data. “Fxmsp” has a history of targeting corporate networks and is estimated to have earned 1 million USD from selling corporate network access through resellers. Known TTPs of the group include gaining access to networks through Remote Desktop Protocol (RDP) servers; more recently, the group has claimed to have developed a credential-stealing botnet in order to steal usernames and passwords from secured systems.
Recommendation: Monitoring and reviewing the network perimeter for any externally-exposed Remote Desktop Protocol (RDP) servers and Active Directory (AD) services might reduce exposure to the two known initial attack vectors. Employing robust patching and security hygiene, as well as monitoring for spearphishing email messages, might help identify early warnings linked to Fxmsp’s newer attack vector. Segregating and protecting sensitive source code development environments from the main network might thwart attempts to exfiltrate intellectual property.
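One concrete way to act on the RDP part of that recommendation is to review authentication logs for RDP logons that originate outside the organization's own address space, and for repeated RDP logon failures from a single source. The following is an added example, not code from the original briefing or from any vendor: it takes Windows Security events (ID 4624 for successful logons, 4625 for failures, logon type 10 for RDP/RemoteInteractive) in the dictionary shape a SIEM typically yields after parsing the event XML, and flags the ones a defender would want to triage. The internal address ranges are an assumption (the RFC 1918 blocks); an organization would substitute its own. The sample records are constructed, with RFC 5737 documentation addresses standing in for Internet sources.

```python
import ipaddress
from collections import Counter

# Windows logon type 10 is RemoteInteractive, i.e. an RDP session.
RDP_LOGON_TYPE = 10
LOGON_SUCCESS = 4624
LOGON_FAILURE = 4625

# Assumed internal address space (RFC 1918); replace with the organization's own ranges.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample events (not from the page). 203.0.113.x and 198.51.100.x
# are RFC 5737 documentation ranges used here to stand in for Internet sources.
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "jdoe",          "IpAddress": "10.0.0.15"},
    {"EventID": 4624, "LogonType": 2,  "TargetUserName": "jdoe",          "IpAddress": "-"},           # console logon
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "svc_build",     "IpAddress": "203.0.113.45"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "asmith",        "IpAddress": "::1"},         # loopback
    {"EventID": 4625, "LogonType": 10, "TargetUserName": "administrator", "IpAddress": "198.51.100.9"},
    {"EventID": 4625, "LogonType": 10, "TargetUserName": "administrator", "IpAddress": "198.51.100.9"},
    {"EventID": 4625, "LogonType": 10, "TargetUserName": "admin",         "IpAddress": "198.51.100.9"},
    {"EventID": 4625, "LogonType": 10, "TargetUserName": "root",          "IpAddress": "198.51.100.9"},
    {"EventID": 4625, "LogonType": 10, "TargetUserName": "jdoe",          "IpAddress": "10.0.0.15"},   # single typo
]


def is_external(ip_str):
    """True when the address parses and lies outside loopback, link-local and INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        # Windows writes "-" when no network address applies (e.g. console logons).
        return False
    if ip.is_loopback or ip.is_link_local:
        return False
    return not any(ip in net for net in INTERNAL_NETS)


def find_external_rdp_logons(events):
    """Successful RDP logons whose source address is not in the internal ranges."""
    return [
        e for e in events
        if e["EventID"] == LOGON_SUCCESS
        and e["LogonType"] == RDP_LOGON_TYPE
        and is_external(e["IpAddress"])
    ]


def rdp_failure_sources(events, threshold=3):
    """Source addresses with at least `threshold` failed RDP logons, regardless of origin."""
    counts = Counter(
        e["IpAddress"] for e in events
        if e["EventID"] == LOGON_FAILURE and e["LogonType"] == RDP_LOGON_TYPE
    )
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for e in find_external_rdp_logons(SAMPLE_EVENTS):
        print(f"external RDP logon: user={e['TargetUserName']} from {e['IpAddress']}")
    for ip, n in rdp_failure_sources(SAMPLE_EVENTS).items():
        print(f"repeated RDP failures: {n} from {ip}")
```

Any hit from `find_external_rdp_logons` on a production host is worth an immediate look, since a correctly segmented perimeter should produce none; the failure counter is deliberately not filtered to external sources, because a credential-stealing foothold inside the network produces the same pattern from an internal address.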
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.