Hex-Rays, the binary software analysis company that develops Interactive Disassembler (IDA), says it has detected a breach on one of its servers.
IDA is a popular disassembler that generates assembly language source code from machine-executable code. Hex-Rays licenses the commercial version of the solution, IDA Pro.
According to the company, malicious actors gained unauthorized access to license key (ida.key) files, which contain the customer’s name, email address, and product names. The attackers might have also accessed the forum and quotation system. Hex-Rays says there is no evidence that other information was obtained.
Hex-Rays has issued new IDA license key files to replace the ones that have been compromised. The company has noted that not all license keys need to be replaced. Furthermore, these key files are tied to an email addresses and they can’t be used to receive software updates without having access to that account.
In addition to replacing compromised key files, Hex-rays is advising customers to change their password on the forum and quotation system.
The investigation is still ongoing. However, Ilfak Guilfanov, the original developer of IDA and founder of Hex-Rays, told SecurityWeek that this appears to be a targeted attack.
The hackers tried to keep a low profile and collected key data silently. It’s unclear what their goal was, Guilfanov said.
The breach was detected on May 19 and the impacted server was cleaned up the same day. It’s unclear at this point how the attack was carried out, but Hex-Rays believes the dynamic part of its web server, the forum and blogging software, might be a possible attack vector.
“The keys issued on the 20th of May or later are considered to be safe. Also the keys there were never uploaded to our web site (this is done as part of the update procedure, to receive a new version of the software), these keys are considered to be safe too,” Guilfanov said via email.