Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

IDA Developer Hex-Rays Falls Victim to Targeted Attack

Hex-Rays, the binary software analysis company that develops Interactive Disassembler (IDA), says it has detected a breach on one of its servers.

IDA is a popular disassembler that generates assembly language source code from machine-executable code. Hex-Rays licenses the commercial version of the solution, IDA Pro.

Hex-Rays, the binary software analysis company that develops Interactive Disassembler (IDA), says it has detected a breach on one of its servers.

IDA is a popular disassembler that generates assembly language source code from machine-executable code. Hex-Rays licenses the commercial version of the solution, IDA Pro.

According to the company, malicious actors gained unauthorized access to license key (ida.key) files, which contain the customer’s name, email address, and product names. The attackers might have also accessed the forum and quotation system. Hex-Rays says there is no evidence that other information was obtained.

Hex-Rays has issued new IDA license key files to replace the ones that have been compromised. The company has noted that not all license keys need to be replaced. Furthermore, these key files are tied to an email addresses and they can’t be used to receive software updates without having access to that account.

In addition to replacing compromised key files, Hex-rays is advising customers to change their password on the forum and quotation system.

The investigation is still ongoing. However, Ilfak Guilfanov, the original developer of IDA and founder of Hex-Rays, told SecurityWeek that this appears to be a targeted attack.

The hackers tried to keep a low profile and collected key data silently. It’s unclear what their goal was, Guilfanov said.

The breach was detected on May 19 and the impacted server was cleaned up the same day. It’s unclear at this point how the attack was carried out, but Hex-Rays believes the dynamic part of its web server, the forum and blogging software, might be a possible attack vector.

“The keys issued on the 20th of May or later are considered to be safe. Also the keys there were never uploaded to our web site (this is done as part of the update procedure, to receive a new version of the software), these keys are considered to be safe too,” Guilfanov said via email.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...