A New York security firm says that an international cybercrime group has penetrated the company networks of three unnamed U.S.-based antivirus firms, and stolen some 30 terabytes of data. The group is offering to sell the data, plus access to the company networks, for $300,000.
As first reported by Ars Technica, the fledgling "boutique cybersecurity firm" Advanced Intelligence, Inc., says that a "Russian- and English-speaking hacking collective" called Fxmsp spent the last six months trying to work its way into the antivirus firms' networks, and finally announced success on April 24.
One stolen data set seen by Advanced Intelligence seems "to contain information about the company's development documentation, artificial intelligence model, web security software and antivirus software base code," according to an Advanced Intelligence blog posting.
The posting included what appeared to be a screenshot of a code editor and a Windows Explorer window showing a file structure. One commenter at Ars Technica said the code editor appeared to actually be a decompiler, a tool that tries to reconstruct software source code by analyzing binary data.
There's a lot we don't know about this disclosure. Was there any personal information about antivirus company clients in the stolen data? Could malicious hackers create more powerful malware if they got a look at antivirus source code? Does Fxmsp actually have the source code, or is it just trying to decompile binaries?
And last but not least, which three U.S.-based antivirus companies were breached in these alleged attacks? We can think of only a handful of major players in the consumer market: Comodo, Malwarebytes, McAfee, Microsoft, Symantec/Norton and Webroot.
But there are many other "next-gen" security providers in the enterprise market: Carbon Black, CrowdStrike, Cybereason, Cylance, FireEye, Morphisec, Palo Alto Networks, SentinelOne and doubtless more we've never heard of. Some of these relatively new firms resist the "antivirus" appellation, 'cause that's old hat, but perhaps attackers looking to steal source code wouldn't be so fussy.
In any case, we do know that Advanced Intelligence says it called the cops when it saw the Fxmsp data. So the FBI is on the case — and the companies that were breached should already know who they are. With luck, someday we might know, too.