Hex-Rays, the binary software analysis company that develops Interactive Disassembler (IDA), says it has detected a breach on one of its servers.
IDA is a popular disassembler that generates assembly language source code from machine-executable code. Hex-Rays licenses the commercial version of the solution, IDA Pro.
According to the company, malicious actors gained unauthorized access to license key (ida.key) files, which contain the customer’s name, email address, and product names. The attackers might have also accessed the forum and quotation system. Hex-Rays says there is no evidence that other information was obtained.
Hex-Rays has issued new IDA license key files to replace the ones that have been compromised. The company has noted that not all license keys need to be replaced. Furthermore, these key files are tied to an email addresses and they can’t be used to receive software updates without having access to that account.
In addition to replacing compromised key files, Hex-rays is advising customers to change their password on the forum and quotation system.
The investigation is still ongoing. However, Ilfak Guilfanov, the original developer of IDA and founder of Hex-Rays, told SecurityWeek that this appears to be a targeted attack.
The hackers tried to keep a low profile and collected key data silently. It’s unclear what their goal was, Guilfanov said.
The breach was detected on May 19 and the impacted server was cleaned up the same day. It’s unclear at this point how the attack was carried out, but Hex-Rays believes the dynamic part of its web server, the forum and blogging software, might be a possible attack vector.
“The keys issued on the 20th of May or later are considered to be safe. Also the keys there were never uploaded to our web site (this is done as part of the update procedure, to receive a new version of the software), these keys are considered to be safe too,” Guilfanov said via email.
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- GoAnywhere MFT Users Warned of Zero-Day Exploit
Latest News
- Germany Appoints Central Bank IT Chief to Head Cybersecurity
- OpenSSL Ships Patch for High-Severity Flaws
- Software Supply Chain Security Firm Lineaje Raises $7 Million
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Vulnerability Provided Access to Toyota Supplier Management Network
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- Linux Variant of Cl0p Ransomware Emerges
- VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
