Current Dr.Internet cyberattack claimed by pro-Ukrainian hacktivists

A gaggle of pro-Ukrainian hacktivists has claimed accountability for the September breach of Russian safety firm Physician Internet (Dr.Internet).

Dr.Internet confirmed final month that its community was breached on September 14, which pressured it to disconnect all inside servers and cease pushing virus database updates to prospects whereas investigating the incident.

In a Tuesday Telegram submit, DumpForums pro-Ukrainian hacktivists stated they have been behind the hack and gained entry to Dr.Internet’s growth techniques.

They allegedly had entry to Dr.Internet’s community for roughly one month, which allowed them to steal round ten terabytes of knowledge, together with consumer databases, from the corporate’s GitLab, e mail, Confluence, and different compromised servers.

“We managed to hack into and offload the corporate GitLab server where internal development and projects were stored, the corporate mail server, Confluence, Redmine, Jenkins, Mantis, RocketChat – systems where development was conducted and tasks were discussed,” DumpForums stated.

Dr.Web allegedly hacked PostgreSQL server
Hacked PostgreSQL server (BleepingComputer)

ReliaQuest’s Risk Analysis Group says that DumpForums has been a web based “hub for hacktivists and patriotic cyber threat actors” since a minimum of late Might 2022.

Their efforts are centered on supporting “the Ukrainian war effort against Russia” by way of DDoS assaults and leaking data stolen from the Russian authorities and personal entities.

Dr.Internet denies knowledge theft claims

At present, Dr.Internet revealed a press release in response to their claims, confirming once more the September breach however saying that the assault was “promptly stopped.”

The Russian anti-malware firm added that it will not pay a ransom demand, which the attackers had since requested, and denied that buyer data was stolen within the assault.

“The main goal was to demand a ransom from our company, but we are not negotiating with the attackers. At the moment, law enforcement agencies are conducting an investigation, and therefore we cannot give detailed comments so as not to interfere with the investigation,” Dr.Internet stated in a Wednesday Telegram submit.

“The information published in Telegram is mostly untrue, user data was not affected. Neither virus database updates nor software module updates pose any security threat to our users.”

Dr.Internet has but to answer to a number of emails despatched by BleepingComputer to request extra data relating to the breach and DumpForums’ claims.

https://x.com/Doctor_Web/status/1843990580663107909

Dr.Internet is the newest Russian cybersecurity firm that was focused and breached in a cyberattack.

In June, pro-Ukrainian hackers Cyber Anarchy Squad breached the Russian data safety agency Avanpost, claiming to have leaked 390GB of stolen knowledge earlier than encrypting over 400 digital machines.

One 12 months earlier, in June 2023, Kaspersky additionally disclosed that attackers contaminated iPhones on its community with spyware and adware by way of iMessage zero-click exploits, which focused iOS zero-day bugs as a part of a marketing campaign now generally known as “Operation Triangulation.”

Recent articles

PAN-OS Firewall Vulnerability Underneath Energetic Exploitation – IoCs Launched

î ‚Nov 16, 2024î „Ravie LakshmananVulnerability / Community Safety Palo Alto Networks...

Iranian Hackers Deploy WezRat Malware in Assaults Concentrating on Israeli Organizations

î ‚Nov 15, 2024î „Ravie LakshmananCyber Espionage / Malware Cybersecurity researchers have...