Hackers Say They've Breached Three Antivirus Companies

A New York security firm says that an international cybercrime group has penetrated the company networks of three unnamed U.S.-based antivirus firms and stolen some 30 terabytes of data. The group is offering to sell the data, plus access to the company networks, for $300,000.

As first reported by Ars Technica, the fledgling "boutique cybersecurity firm" Advanced Intelligence, Inc., says that a "Russian- and English-speaking hacking collective" called Fxmsp spent the last six months trying to work its way into the antivirus firms' networks, and finally announced success on April 24.

One stolen data set seen by Advanced Intelligence seems "to contain information about the company's development documentation, artificial intelligence model, web security software and antivirus software base code," according to an Advanced Intelligence blog posting.

MORE: The One Password Tip Everyone Needs to Know

The posting included what appeared to be a screenshot of a code editor and a Windows Explorer window showing a file structure. One commenter at Ars Technica said the code editor appeared to actually be a decompiler, a tool that tries to reconstruct software source code by analyzing binary data.

There's a lot we don't know about this disclosure. Was there any personal information about antivirus company clients in the stolen data? Were the makers of the best antivirus software programs involved? What about the best Mac antivirus software and the best Android antivirus apps? Could malicious hackers create more powerful malware if they got a look at antivirus source code? Does Fxmsp actually have the source code, or is it just trying to decompile binaries?

And last but not least, which three U.S.-based antivirus companies were breached in these alleged attacks? We can think of only a handful of major players in the consumer market: Comodo, Malwarebytes, McAfee, Microsoft, Symantec/Norton and Webroot.

But there are many other "next-gen" security providers in the enterprise market: Carbon Black, CrowdStrike, Cybereason, Cylance, FireEye, Morphisec, Palo Alto Networks, SentinelOne and doubtless more we've never heard of. Some of these relatively new firms resist the "antivirus" appellation, 'cause that's old hat, but perhaps attackers looking to steal source code wouldn't be so fussy.

In any case, we do know that Advanced Intelligence says it called the cops when it saw the Fxmsp data. So the FBI is on the case — and the companies that were breached should already know who they are. With luck, someday we might know, too.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.