The security firm Advanced Intelligence (AdvIntel) said in a blog post on Thursday that Fxmsp specialised in breaching secure, protected networks to exfiltrate private corporate and government information.
AdvIntel said Fxmsp had said in March that they had obtained top-secret information from three top anti-virus companies located in the US.
"AdvIntel subject matter experts assess with high confidence that Fxmsp is a credible hacking collective with a history of selling verifiable corporate breaches returning them profit close to US$1 million," the firm said, adding that it had alerted law enforcement to these claimed intrusions.
"Most recently, the actor claimed to have developed a credential-stealing botnet capable of infecting high-profile targets in order to exfiltrate sensitive usernames and passwords," AdvIntel claimed.
"Fxmsp has claimed that developing this botnet and improving its capabilities for stealing information from secured systems is their main goal."
What would make an amazing auto update target for an implant - anti-virus products. Automated software updates & network traffic by design.— Kevin Beaumont ??♀️ (@GossiTheDog) July 7, 2017
AdvIntel said the claim about data theft from the three top anti-virus companies had been made on 24 April, following intense efforts by Fxmsp during the first quarter of 2019.
The collective claimed to have extracted sensitive source code from the anti-virus and artificial intelligence products of these three US-based companies, plus security plugins.
AdvIntel said Fxmsp had offered screenshots which were claimed to be of folders containing 30TB of data allegedly exfiltrated from these three firms.
"According to 'ShadowRunTeam', a high-profile Russian threat actor operating on Telegram, Fxmsp is reportedly a Moscow resident with the first name 'Andrey' who started to engage in cyber crime activities in mid-2000 and specialised in social engineering," AdvIntel said.
Graphic: courtesy Advanced Intelligence