Recent Dr.Web cyberattack claimed by pro-Ukrainian hacktivists

A group of pro-Ukrainian hacktivists has claimed responsibility for the September breach of Russian security company Doctor Web (Dr.Web).

Dr.Web confirmed last month that its network was breached on September 14, which forced it to disconnect all internal servers and stop pushing virus database updates to customers while investigating the incident.

In a Tuesday Telegram post, DumpForums pro-Ukrainian hacktivists said they were behind the hack and gained access to Dr.Web's development systems.

They allegedly had access to Dr.Web's network for roughly one month, which allowed them to steal around ten terabytes of data, including client databases, from the company's GitLab, email, Confluence, and other compromised servers.

"We managed to hack into and offload the corporate GitLab server where internal development and projects were stored, the corporate mail server, Confluence, Redmine, Jenkins, Mantis, RocketChat - systems where development was conducted and tasks were discussed," DumpForums said.

ReliaQuest's Threat Research Team says that DumpForums has been an online "hub for hacktivists and patriotic cyber threat actors" since at least late May 2022.

Leave a Comment