The three US-based antivirus software vendors that had been breached by a Russian hacking group have now been identified.
Last week a report by Advance Intelligence announced that a high-profile Russian hacking group, known as ‘Fxmsp’ had breached three US-based antivirus software vendors. The group was offering to sell the stolen data and source codes for $300,000.
It has now been identified that McAfee, Symantec and Trend Micro are the three companies that have been breached.
Symantec confirmed that it was contacted by the researchers at AdvIntel, and are aware of the claims surrounding the breaches against US-based antivirus companies. A Symantec spokesperson said:
“We have been in contact with researchers at AdvIntel, who confirmed that Symantec (Norton) has not been impacted. We do not believe there is reason for our customers to be concerned.”
Fxmsp has claimed that Symantec was one of the alleged victims however sufficient evidence has not been provided to support this allegation.
A spokesperson for McAfee wrote:
“McAfee has been conducting a thorough investigation into these claims. To date, we’ve found no indication that McAfee products, services or networks have been impacted by the campaign described.”
Trend Micro has confirmed that the data linked to its testing labs had been accessed by an unauthorised third party, stating in an email:
“We have an active investigation underway related to recent claims, and while it is not complete, we want to transparently share what we have learned. Working closely with law enforcement, our global threat-research and forensic teams are leading this investigation.
“Some low-risk debugging related information was obtained. We are nearing the end of our investigation and at this time we have seen no indication that any customer data nor source code were accessed or exfiltrated.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/