Regarding the alleged hack of three cybersecurity vendors.
On April 24, 2019, the hacker collective Fxmsp claimed to have obtained access to three leading cybersecurity vendors. The collective said it had extracted sensitive source code from antivirus software, AI, and security plugins belonging to the three companies.
Tieto has been in contact with all three of these vendors in order to assess the legitimacy of these claims. At this point, all three vendors are conducting their own investigations into the matter, which hopefully will result in a definitive answer. We will keep track of developments in this matter, and we will update this blog post when we have anything confirmed.
Recommendations & Possible Mitigation
- As always, a single point of failure is bound to fail at some point. A comprehensive defense-in-depth strategy is the best way to protect digital resources against attacks and breaches.
- Monitor endpoint and network activity, such as remote access, to detect anomalies.
Read more about the claimed breach here. (https://www.bleepingcomputer.com/news/security/fxmsp-chat-logs-reveal-the-hacked-antivirus-vendors-avs-respond/)
Fxmsp is a hacking collective that has operated in various top-tier underground communities since 2017. They are known for targeting corporate and government networks worldwide.