Pro-Ukrainian hackers claim to have stolen 10 TB of data from Russian cyber security firm Dr.Web

marry 09.10.2024, 10:30 AM

Hackers from DumpForums, a pro-Ukrainian hacktivist forum, claim to have hacked the well-known Russian cybersecurity company Dr.Web and stolen more than 10 TB of sensitive data, including internal projects and user databases.

The attack happened on Saturday, September 14, when Dr.Web revealed that it had suffered a cyber attack. Following the investigation, the Russian company released a brief blog statement on September 17, 2024, revealing that it had been the target of a cyber attack. At the time, Doctor Web claimed that it “prevented the attack in a timely manner” and that no user data was accessed or stolen.

However, on October 8, DumpForums hacktivists used their Telegram account to claim responsibility for the September attack. The hacktivists' Telegram post contradicted what Doctor Web said about the September attack.

The hackers said they hacked Dr.Web’s infrastructure, adding that they infiltrated the company’s network and planned everything in advance. After that, they systematically hacked multiple servers and resources “within just a few days.”

Hackers claim to have extracted data from Dr.Web’s corporate GitLab server, where internal projects are located, and to have hacked the corporate email server as well.

They also claim to have taken over the entire user database. To prove their claims, the hackers released several databases from ldap.dev.drweb.com, vxcube.drweb.com, bugs.drweb.com, antitheft.drweb.com and rt.drweb.com.

The hackers also claim to have taken control of Dr.Web’s domain controller, which manages authentication and access to all systems within the network. By compromising it, attackers would have unrestricted access to the entire network, allowing them to continuously extract vast amounts of sensitive data. This level of control reportedly allowed them to remain undetected for a month while extracting around 10 terabytes of data.

The group also pointed to Dr.Web’s alleged poor security, saying they spent “a whole month” on the system while the company continued to sell products it uses to protect others.

DumpForums is known for attacks on critical Russian infrastructure. In June 2022, the same group hacked the Russian Ministry of Construction, Housing and Utilities. The hackers then stole the ministry’s entire database and demanded 0.5 BTC as ransom, threatening to release the data.

In parallel with the conventional war, a cyber war between Russia and Ukraine is taking place. Since the start of the conflict on February 24, 2022, hackers from both countries have been attacking critical infrastructure.

Source: www.informacija.rs