Within the security community, it’s now an open secret that there’s been a black market for zero-day exploits and stolen data that has lined the pockets of skilled infiltrators for years. Now, researchers at Advanced Intelligence (AdvIntel) claim that a hacking collective called Fxmsp has breached three large anti-virus companies and is selling the data for around $300,000. This isn’t Fxmsp’s first stint at robbing and selling critical information. According to AdvIntel, the Russian- and English-speaking group has been selling information stolen from governments and corporations for years. In total, the group has amassed $1 million from its exploits.
FireEye’s 2018 crime report tracked the activities of this hacker group. According to the report, the group has targeted hotels, financial services, infrastructure, IT, the education sector, and charity organizations, among others. Its main focus, though, is retail and hotels, which may explain the Marriott breach, in which the sensitive information of hundreds of millions of people was stolen.
The report also shows that the group’s buyers span the globe: the largest share (32%) is located in South America and the smallest (8%) in Europe. The second-largest share of buyers of Fxmsp’s stolen software is located in the Middle East. AdvIntel also claims that all three anti-virus companies are located in the U.S. To further legitimize the price point, the hackers claim to have “exclusive source code related to the companies’ software development.”
The way the hackers are able to sell their goods on the black market, according to AdvIntel, is through a network of proxy resellers. The “buyers” mentioned above are these same resellers, who contribute to the anonymity of the source (Fxmsp). AdvIntel illustrates this in their infographic.
Here’s a breakdown of the infiltration and information release, as reported by AdvIntel:
January to April:
- Hackers work tirelessly to breach three anti-virus companies.
April 24, 2019 and beyond:
- Fxmsp gains access to the internal networks of the companies.
- Fxmsp “extracted sensitive source code from antivirus software, AI, and security plugins belonging to the companies.”
- Fxmsp then documents the capabilities and efficiency of the source code, showing extensive knowledge of the codebase.
- According to AdvIntel, Fxmsp provides “screenshots of folders purported to contain 30 terabytes of data, which they allegedly extracted from these networks.”
The data breach appears to be significant. Aside from anti-virus code, the hackers stole AI models, documentation, and security software. Though the researchers describe methods to reduce exposure via RDP and Active Directory servers by segregating sensitive source code and monitoring the network, sophisticated botnets may make security a difficult task to manage. “[Fxmsp] claimed to have developed a credential-stealing botnet…Fxmsp has claimed that developing this botnet and improving its capabilities for stealing information from secured systems is their main goal.”
Well, if that’s true, mission accomplished.