Threat actor keeps low profile, date of the attack unknown

May 26, 2015 13:05 GMT  ·  By

Hex-Rays, developers of IDA (Interactive Disassembler), became the target of a cyber-attack, which may have compromised the license keys issued to customers.

IDA is used for software reverse engineering purposes, and it is widely used in the security industry to get the source code of malware samples, thus revealing the functions and instructions that make the threat tick.

The product also includes debugging functionality, which often helps analysts deal with the obfuscation techniques added by malware authors in their code.

Briefly put, IDA is an essential tool in malware analysis and this is reflected not only in its list of capabilities, but also in its price. A license for the starter edition is $589 (€529), while the price for the Professional variant starts at $1,129 (€1019).

Intrusion may have occurred via the forum or blogging software

On Monday, Hex-Rays support team sent an email notification to its customers about a recent attack that may have resulted in the compromise of some license keys along with the web forum and the quotation system.

Justin Case from Android Police took a screenshot of the letter, which added that the license keys contained customer names and email addresses.

The company did not discover any evidence that other type of information (financial data or credentials) was affected by the incident.

“Unfortunately we do not know when exactly the attack was carried out because the attacker kept low profile,” reads the email from Hex-Rays.

However, the company believes that the intrusion occurred via the forum and the blogging software, which represent the dynamic part of its web server.

Old keys replaced, customers advised to change access password

To make sure that customers do not face any trouble using IDA, the company decided to issue new license keys. The old ones have been discarded and can no longer be used to receive software updates.

As precaution, the developer advises clients to change their password for the forum and the quotation system.