Major data breach claims mostly untrue, Dr.Web says


A Russian cybersecurity firm has denied reports that hackers stole ten terabytes of company and customer data.

Earlier this week, attackers said they managed to penetrate Dr.Web’s local network and hopped from server to server, peering deep into the cybersecurity firm. The hackers supposedly unloaded the corporate GitHub server, Dr.Web’s Confluence, Redmine, Jenkins, Mantis, and RocketChat services, as well as a client database.

“Yes, we also unloaded the data of users who trusted Dr.Web with their security. The icing on the cake is the domain controller. Having mastered it, all we had to do was fill up our storage devices by uploading more and more data,” attackers said in a Russian language post on Telegram.


Attackers, who call themselves DumpForums, said they secured a whopping ten terabytes of data, roaming the firm’s servers unnoticed for over a month.

Interestingly, on September 14th, Dr.Web was indeed targeted with an attack, an attempt that the company acknowledged on September 17th. At the time, the firm said the attack on its resources was “prevented in a timely manner,” and “no user whose system was protected by Dr.Web was affected.”

After reports regarding the attack recently surfaced, Dr.Web issued a similar statement on its Telegram channel, reiterating that it registered and stopped an attack in September.

“The information published in Telegram is mostly untrue, user data was not affected. Neither virus database updates nor software module updates pose any security threat to our users,” the company said in a post in Russian.

However, the Russian-language infosec community started sharing screenshots of what appears to be Dr.Web’s official Telegram bot informing users that Dr.Web’s antivirus and user data have been compromised. Other screenshots supposedly included samples of the leaked data. A Russian-language forum has supposedly extracted millions of unique phone numbers, email addresses, payment card numbers, and other data from the alleged leak.

We have reached out to Dr.Web for comment and will update the article once we receive a reply.

Headquartered in Moscow, Dr.Web is one of the oldest anti-virus software makers in Russia. The company operates subsidiaries in Japan, France, and Kazakhstan. Meanwhile, DumpForums has been on the radar for a couple of years after the group targeted Russia's Ministry of Construction, Housing, and Utilities.
