June 25, 2019, updated 26 Jun 2019 9:14am

Trend Micro Wraps Up Investigation into Fxmsp Hack: Code Was “Artifacts Used for Debugging Purposes”

"We continue with further hardening of our systems and policies"

By CBR Staff Writer

Japanese security conglomerate Trend Micro has wrapped up an internal investigation after falling victim to a security incident that saw one of its own testing lab environments breached – with alleged source code and network access later offered for sale on the Dark Web.

Russian-speaking group Fxmsp had been touting the data for $300,000 on Russian forums, claiming it had 30TB of aggregated data. The incident was of some embarrassment for Trend Micro, which runs arguably the world’s largest bug bounty programme, the Zero Day Initiative.

It had been first reported by New York-based threat intelligence company Advanced Intelligence (AdvIntel), based on its interactions with the threat actor. AdvIntel initially reported Fxmsp’s claims that three cybersecurity companies had been penetrated by a group it dubbed Fxmsp: Trend Micro, Symantec and Norton.

Fxmsp had “confirmed that they have exclusive source code related to the companies’ software development”, the company wrote in a blog. This was not substantiated: Symantec and Norton denied outright that they had been breached, although Trend Micro had indeed suffered a notable security incident.

A Trend Micro spokesman told Computer Business Review: “We have concluded our internal investigation into the recent claims of an intrusion into one of our testing lab environments, and as promised, we are sharing a summary of our key findings. Trend Micro source code and customer data remains secure.”

“Evidence shows that during the unauthorized access to a single testing lab environment, the malicious group Fxmsp obtained artifacts used for debugging purposes. Remediation measures were immediately implemented, and we continue with further hardening of our systems and policies.”

The company added: “Our highest priority remains protecting our customers and partners, and we remain committed to this.”

“This incident reinforces the message that every organization must constantly remain vigilant with their security measures as hackers continue to sharpen their attack methodologies and widen their attack surface.”

Fxmsp had told Advanced Intelligence researchers that it accessed network environments via Remote Desktop Protocol (RDP) servers and exposed Active Directory accounts. It also claimed to have developed a credential-stealing botnet capable of infecting high-profile targets.

AdvIntel’s Yelisey Boguslavskiy told Computer Business Review: “AdvIntel had never suggested that the three cybersecurity companies had been breached by the Fxmsp actor group, we have published their claims, and we work to enable successful identification and disruption of the compromised network access that allowed to mitigate the companies exposure to this threat.”

He added: “AdvIntel has emphasized multiple times that the scale of the incident is massive due to the user exposure of Trend Micro customer base”, claiming the “stolen symbol and debugging files enable the Fxmsp group to… expand the anti-virus exploitable attack surface and exploit the intricacies of the original confidential source code itself.”
