Security News Doctor Web's resources attacked

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
On Saturday, September 14, Doctor Web specialists recorded a targeted attack on the company's resources. The attempt to harm our infrastructure was prevented in a timely manner, and no user whose system was protected by Dr.Web was affected.

For the time being, in accordance with the company’s security protocol, all resources are disconnected from the network so that they can be checked. Because of this, the release of Dr.Web virus databases is temporarily suspended.
Our Dr.Web FixIt! service, its special pre-release version for Linux, is being used to diagnose and eliminate the consequences of the attack. This allows us to scan our resources more quickly.
The release of virus databases will resume shortly.
 

Gandalf_The_Grey

Recent Dr.Web cyberattack claimed by pro-Ukrainian hacktivists
A group of pro-Ukrainian hacktivists has claimed responsibility for the September breach of Russian security company Doctor Web (Dr.Web).

Dr.Web confirmed last month that its network was breached on September 14, which forced it to disconnect all internal servers and stop pushing virus database updates to customers while investigating the incident.

In a Tuesday Telegram post, DumpForums pro-Ukrainian hacktivists said they were behind the hack and gained access to Dr.Web's development systems.

They allegedly had access to Dr.Web's network for roughly one month, which allowed them to steal around ten terabytes of data, including client databases, from the company's GitLab, email, Confluence, and other compromised servers.

"We managed to hack into and offload the corporate GitLab server where internal development and projects were stored, the corporate mail server, Confluence, Redmine, Jenkins, Mantis, RocketChat - systems where development was conducted and tasks were discussed," DumpForums said.
Dr.Web is the most recent Russian cybersecurity company that was targeted and breached in a cyberattack.

In June, pro-Ukrainian hackers Cyber Anarchy Squad breached the Russian information security firm Avanpost, claiming to have leaked 390GB of stolen data before encrypting over 400 virtual machines.

One year earlier, in June 2023, Kaspersky also disclosed that attackers infected iPhones on its network with spyware via iMessage zero-click exploits, which targeted iOS zero-day bugs as part of a campaign now known as "Operation Triangulation."
 
