Watch on Demand: Attack Surface Management Summit | All Sessions Now Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

IDA Developer Hex-Rays Falls Victim to Targeted Attack

Hex-Rays, the binary software analysis company that develops Interactive Disassembler (IDA), says it has detected a breach on one of its servers.

IDA is a popular disassembler that generates assembly language source code from machine-executable code. Hex-Rays licenses the commercial version of the solution, IDA Pro.

Hex-Rays, the binary software analysis company that develops Interactive Disassembler (IDA), says it has detected a breach on one of its servers.

IDA is a popular disassembler that generates assembly language source code from machine-executable code. Hex-Rays licenses the commercial version of the solution, IDA Pro.

According to the company, malicious actors gained unauthorized access to license key (ida.key) files, which contain the customer’s name, email address, and product names. The attackers might have also accessed the forum and quotation system. Hex-Rays says there is no evidence that other information was obtained.

Hex-Rays has issued new IDA license key files to replace the ones that have been compromised. The company has noted that not all license keys need to be replaced. Furthermore, these key files are tied to an email addresses and they can’t be used to receive software updates without having access to that account.

In addition to replacing compromised key files, Hex-rays is advising customers to change their password on the forum and quotation system.

The investigation is still ongoing. However, Ilfak Guilfanov, the original developer of IDA and founder of Hex-Rays, told SecurityWeek that this appears to be a targeted attack.

The hackers tried to keep a low profile and collected key data silently. It’s unclear what their goal was, Guilfanov said.

The breach was detected on May 19 and the impacted server was cleaned up the same day. It’s unclear at this point how the attack was carried out, but Hex-Rays believes the dynamic part of its web server, the forum and blogging software, might be a possible attack vector.

Advertisement. Scroll to continue reading.

“The keys issued on the 20th of May or later are considered to be safe. Also the keys there were never uploaded to our web site (this is done as part of the update procedure, to receive a new version of the software), these keys are considered to be safe too,” Guilfanov said via email.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Bob Turner has been named CISO at Penn State University.

V2X has appointed Christopher Carter as CISO.

Andrew McLaughlin has been appointed Chief Operating Officer at SandboxAQ.

More People On The Move

Expert Insights