Latest Dr.Web Cyberattack: Pro-Ukrainian Hacktivists Declare Victory with Potent Assault

Pro-Ukrainian hacktivist group DumpForums has claimed responsibility for a recent data breach at Russian anti-virus company Dr.Web. The group, which is known for targeting Russian websites, reportedly leaked personal details of over 40,000 Dr.Web customers, including names, phone numbers and email addresses.

Did you hear about the recent cyberattack on Russian security company Doctor Web (Dr.Web)? A group of pro-Ukrainian hacktivists claimed responsibility for the breach that took place in September.

Last month, Dr.Web confirmed that its network was breached on September 14. The company had to disconnect all internal servers and stop pushing virus database updates to customers while investigating the incident.

In a recent announcement, the hacktivist group DumpForums revealed that they were the ones responsible for the attack. They claimed to have gained access to Dr.Web’s development systems and had control for about a month. During that time, they allegedly stole around ten terabytes of data, including client databases, from the company’s GitLab, email, Confluence, and other compromised servers.

Imagine the cyber equivalent of a thief breaking into your home and snooping around for a month! That’s what happened to Dr.Web, and it’s a chilling reminder of the importance of cybersecurity.

Hacked PostgreSQL server (BleepingComputer)

According to ReliaQuest’s Threat Research Team, DumpForums has been an online “hub for hacktivists and patriotic cyber threat actors” since at least late May 2022. Their efforts mainly focus on supporting “the Ukrainian war effort against Russia” through DDoS attacks and leaking information stolen from the Russian government and private entities.

Dr.Web’s Response: Denying Data Theft Claims

In response to DumpForums’ claims, Dr.Web published a statement confirming the September breach but stating that the attack was “promptly stopped.” The company also mentioned that it would not pay a ransom demand, which the attackers had since requested, and denied that customer information was stolen in the attack.

“The main goal was to demand a ransom from our company, but we are not negotiating with the attackers. At the moment, law enforcement agencies are conducting an investigation, and therefore we cannot give detailed comments so as not to interfere with the investigation,” Dr.Web said in a recent post.

Dr.Web reassured its users by stating, “The information published in Telegram is mostly untrue, user data was not affected. Neither virus database updates nor software module updates pose any security threat to our users.”

We reached out to Dr.Web for more information regarding the breach and DumpForums’ claims, but they have yet to reply.

Dr.Web is just the latest Russian cybersecurity company to be targeted and breached in a cyberattack. In June, pro-Ukrainian hackers Cyber Anarchy Squad breached the Russian information security firm Avanpost, claiming to have leaked 390GB of stolen data before encrypting over 400 virtual machines.

Moreover, in June 2023, Kaspersky disclosed that attackers infected iPhones on its network with spyware via iMessage zero-click exploits, targeting iOS zero-day bugs as part of a campaign now known as “Operation Triangulation.”

These incidents serve as a stark reminder of how important it is to prioritize cybersecurity. Cyber threats are ever-evolving, and staying informed is essential in protecting ourselves and our businesses.

Don’t wait until it’s too late – take action now to protect your digital assets. Keep coming back for more information on cybersecurity and how to safeguard your data. Together, let’s make the digital space a safer place for everyone.
