DumpForums Claim 10TB Data Breach at Russian Cybersecurity Firm Dr.Web

Pro-Ukrainian hacktivists from DumpForums claim to have breached Russian cybersecurity giant Dr.Web, stealing over 10 TB of sensitive data, including internal projects, client databases, and critical infrastructure access.

DumpForums, a pro-Ukrainian hacktivist forum, claims to have breached Dr.Web, a Russian cybersecurity firm and antivirus solutions provider. As a result, the hackers have announced stealing over 10 TB of internal and customer/client data, Hackread.com can exclusively confirm.

The attack dates back to Saturday, September 14th, when Dr.Web (also known as Doctor Web, Doctor Web Ltd., and Company Doctor Web) identified that it had suffered a cyberattack. After investigating, the Russian cybersecurity giant published a brief blog post on September 17, 2024, revealing that the company was targeted in a cyberattack aimed at its “resources.” At the time, Doctor Web claimed that it had “prevented the attack in a timely manner” and that no user data was accessed or stolen.

However, as Hackread.com’s research team discovered, on the morning of October 8th, 2024, DumpForums hacktivists used their Telegram account to announce and claim responsibility for the September attack. The hacktivists’ Telegram post contradicted what Doctor Web had said about the hack in September.

The screenshot shows Dr.Web’s Telegram post (left) and DumpForums’ post on the right. The original Russian-language screenshots have been translated into English using Yandex AI Image Translator (Credit: Hackread.com).

DumpForums Hacktivists Claim Dr.Web’s Infrastructure Hack

According to the post, the hacktivists stated they had hacked the infrastructure of Dr.Web, adding that they infiltrated the company’s local network after planning everything in advance. After that, they systematically hacked more servers and resources “within just a few days.”

Furthermore, the hackers claimed to have hacked and extracted data from Dr.Web’s corporate GitLab server, where internal developments and projects were stored, along with the corporate email server, Confluence, Redmine, Jenkins, Mantis, and RocketChat.

The hackers also claimed to have accessed and downloaded the entire client/user database, which they had already leaked on their official forum.

To further authenticate their claims, the hackers provided several dumps of databases from internal resources such as ldap.dev.drweb.com, vxcube.drweb.com, bugs.drweb.com, antitheft.drweb.com, and rt.drweb.com, among others.

Accessing Dr.Web’s Domain Controller?

What’s even more concerning are the claims from the hacktivists that they gained control of Dr.Web’s domain controller, a critical part of the company’s infrastructure. The domain controller manages authentication and access to all systems within a network. By compromising it, the attackers would have had unlimited access to the entire network, allowing them to continuously extract large amounts of sensitive data.

This level of control reportedly enabled them to remain undetected for a month while siphoning off around 10 terabytes of data. The group also pointed out Dr.Web’s alleged poor security, stating that they spent an “entire month” in the system while the company continued selling products to secure others.

It is important to note that Hackread.com has reached out to Dr.Web regarding the claims made by DumpForums hacktivists, and this article will be updated accordingly.

Ukraine and Russia Cyberwarfare

It is also worth noting that DumpForums is known for attacking critical Russian infrastructure. In June 2022, the same group was behind the hack and defacement of the Russian Ministry of Construction, Housing, and Utilities. The hackers also stole the ministry’s entire database and demanded 0.5 BTC as ransom to prevent the data from being leaked online.

Meanwhile, the cyber warfare between Russia and Ukraine is gaining new momentum. Hackers from both countries have been targeting each other’s critical infrastructure since the conflict began on February 24, 2022.

According to Ukraine’s State Service of Special Communications and Information Protection (SSSCIP), there was a significant shift in Russian cyber operations against Ukraine in the first half of 2024. The new strategy marks a departure from earlier broad-spectrum attacks to a more targeted approach focusing on Ukraine’s military and defence sectors.

On the other hand, Ukrainian hackers have been quite active over the past few months. Some of their claimed cyberattacks include targeting banks and shutting down ATMs in Russia, targeting the government sector and damaging petabytes of data, crippling the country’s tax system, and other actions.
