A cybercriminal group of allegedly Russian origin has put up for sale information stolen from three American antivirus software producers. The case is linked to the Fxmsp group, which has long specialized in selling original corporate data. According to the IT company Advanced Intelligence (AdvIntel), the criminals have earned about $1 million from their illegal business.
Fxmsp has existed since 2017 and is well known on cybercriminal forums. According to AdvIntel, the group includes Russian- and English-speaking hackers. The cybercriminals' main targets are governmental institutions around the world, from which they steal confidential information. Sales of the stolen data are conducted through a network of trusted intermediaries.
As a rule, Fxmsp breaks into corporate networks through externally reachable RDP servers and unprotected Active Directory installations. In addition, the cybercriminals built a botnet that phishes credentials from victims.
In March 2019, Fxmsp reported that it had obtained data from three US cybersecurity solution producers, including the source code of antivirus products, artificial intelligence components and security plugins. For access to the corporate networks and the stolen information, the group demands $300,000.
“If what they’re offering is the real deal, then this is pretty much a worst-case scenario for the three firms that were compromised. Access to the source code allows hackers the opportunity to locate showstopping vulnerabilities and exploit them, rendering the software useless… or worse. They could even turn what was once legitimate protection from malware into an incredibly effective spying tool,” says Forbes analyst Lee Mathews.
The cybercriminals do not disclose the names of the compromised companies, though they provide screenshots that allow them to be identified. Fxmsp also offers “screenshots of folders with 30 Terabytes of data that was allegedly extracted from corporate networks”. The folders contain documents on artificial intelligence development, Internet security solutions and the code of antivirus products.
Antivirus software, by its nature, runs with deep access to the systems it protects. The hope is that one of the cybersecurity industry's leaders will pay the $300,000 to recover these 30 TB of stolen information; otherwise computers all over the world are put at risk.
Recommendations & Possible Mitigation from AdvIntel
Monitoring and reviewing the network perimeter for any externally exposed Remote Desktop Protocol (RDP) servers and Active Directory (AD) services might reduce exposure to the two known initial attack vectors.
Employing robust patching and security hygiene, as well as monitoring for spearphishing email messages, might assist with identifying early warnings linked to Fxmsp's newer attack vector (credential phishing).
Segregating and protecting sensitive source code development environments from the main network might thwart attempts to exfiltrate intellectual property from the network.
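The first recommendation above (review the perimeter for exposed RDP and AD) is something a defender can turn into a repeatable check. The script below is an added example, not code from AdvIntel or the article: it parses nmap "grepable" (`-oG`) output from an external scan of the organization's own public address space and flags hosts where RDP or AD-related ports are open. The scan text, the 203.0.113.0/28 addresses (an RFC 5737 documentation range) and the watched-port table are constructed for illustration.

```python
"""Flag perimeter hosts exposing RDP or Active Directory services.

Added example (not from the AdvIntel report or the article): parses
nmap grepable (-oG) output and reports hosts where RDP or AD-related
TCP ports are open. The sample scan below is constructed.
"""
import re
from typing import Dict, List, Tuple

# Services that map to the two initial-access paths the report names
# (exposed RDP, exposed Active Directory). Assumed list; tune to your
# environment.
WATCHED_PORTS: Dict[int, str] = {
    3389: "RDP",
    88: "Kerberos (AD)",
    389: "LDAP (AD)",
    636: "LDAPS (AD)",
    445: "SMB (AD file/auth)",
    3268: "Global Catalog (AD)",
}

# Constructed sample of `nmap -p- -oG -` output; addresses are from the
# RFC 5737 documentation range, not real hosts.
SAMPLE_SCAN = """\
# Nmap 7.80 scan initiated as: nmap -p- -oG - 203.0.113.0/28
Host: 203.0.113.10 ()\tPorts: 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (65533)
Host: 203.0.113.11 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (65533)
Host: 203.0.113.12 ()\tPorts: 88/open/tcp//kerberos-sec///, 389/open/tcp//ldap///, 445/open/tcp//microsoft-ds///, 3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (65532)
# Nmap done -- 16 IP addresses (3 hosts up) scanned
"""

# One grepable port entry looks like: 3389/open/tcp//ms-wbt-server///
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)///")

PortRecord = Tuple[int, str, str]  # (port, state, protocol)
Finding = Tuple[str, int, str]     # (host, port, service label)


def parse_grepable(text: str) -> Dict[str, List[PortRecord]]:
    """Return {host: [(port, state, proto), ...]} from nmap -oG text."""
    hosts: Dict[str, List[PortRecord]] = {}
    for line in text.splitlines():
        # Only "Host:" lines carrying a "Ports:" field describe open ports.
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports field runs from "Ports:" to the next tab-separated field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        hosts[host] = [
            (int(port), state, proto)
            for port, state, proto, _service in PORT_RE.findall(ports_field)
        ]
    return hosts


def find_exposures(scan: Dict[str, List[PortRecord]]) -> List[Finding]:
    """List (host, port, label) for watched TCP ports in the 'open' state.

    Filtered ports are deliberately not reported: they are not reachable
    from the scanning vantage point.
    """
    findings: List[Finding] = []
    for host, ports in sorted(scan.items()):
        for port, state, proto in ports:
            if proto == "tcp" and state == "open" and port in WATCHED_PORTS:
                findings.append((host, port, WATCHED_PORTS[port]))
    return findings


if __name__ == "__main__":
    for host, port, label in find_exposures(parse_grepable(SAMPLE_SCAN)):
        print(f"EXPOSED {host}:{port} {label}")
```

Run it on the output of an authorized external scan of your own address space (`nmap -p- -oG scan.txt <your-range>`) and feed the file to `parse_grepable`; anything `find_exposures` returns is a host that should be behind a VPN or gateway rather than directly on the internet. Filtered ports are ignored on purpose, since they are not reachable from the scanner's position.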