A notable hacking forum, DumpForums, has claimed responsibility for a massive data breach targeting Dr.Web, a prominent Russian cybersecurity company.
The hackers allege that they have exfiltrated a staggering 10 terabytes of sensitive data from the firm’s infrastructure, which has severely damaged Dr.Web’s reputation as a leading security provider.
According to the hackers’ statement posted on DumpForums, the breach was meticulously planned and executed over several days.
The attackers claim to have initially infiltrated Dr.Web’s local network, compromising server after server and resource after resource. This systematic approach allegedly allowed them to penetrate even the most secure parts of Dr.Web’s infrastructure.
Compromised Systems
According to the claim, the hackers successfully breached and exfiltrated data from several critical systems, including:
- Corporate GitLab server containing internal developments and projects
- Corporate mail server
- Confluence, Redmine, Jenkins, and Mantis systems used for development and task management
- RocketChat, a communication platform
- Various software management resources
Perhaps most alarmingly, the attackers claim to have accessed and uploaded client databases, potentially exposing the sensitive information of users who trusted Dr.Web with their security.
The hackers assert that the total amount of data exfiltrated reaches approximately 10 terabytes. This massive trove of information allegedly remained undetected by Dr.Web for an entire month, during which the company continued to operate normally and promote its security products.
Dr.Web’s official statement paints a different picture. On Saturday, September 14, the company acknowledged a targeted attack on its resources but insisted that the attempt to harm its infrastructure was promptly thwarted. Dr.Web stated that none of its users’ products were affected.
As a precautionary measure, Dr.Web disconnected all resources from its network for verification purposes and temporarily suspended the release of virus databases.
The company announced the involvement of its Dr.Web FixIt! Service, a special pre-release version for Linux, to expedite the resource verification process.
This alleged breach, if confirmed, would be a significant blow to Dr.Web and the cybersecurity industry as a whole. It highlights the vulnerability of even specialized security firms to sophisticated attacks and raises questions about the efficacy of current protection measures.
The incident follows a troubling trend of cyberattacks targeting Russian cybersecurity companies in recent years. In June 2024, the pro-Ukrainian hacking group Cyber Anarchy Squad claimed to have breached another Russian security firm, Avanpost, leaking 390GB of data.
It underscores the critical need for continuous vigilance, robust security measures, and transparent incident response protocols, even for companies at the forefront of cyber defense.
The full extent of the breach and its potential impact on Dr.Web’s clients remains to be seen. As investigations continue, the cybersecurity industry will be watching closely for lessons to be learned and improvements to be made in protecting against such sophisticated attacks.