A gaggle of pro-Ukrainian hacktivists has claimed duty for the September breach of Russian security firm Physician Net (Dr.Net).
Dr.Net confirmed final month that its community was breached on September 14, which compelled it to disconnect all inner servers and cease pushing virus database updates to clients whereas investigating the incident.
In a Tuesday Telegram submit, DumpForums pro-Ukrainian hacktivists stated they have been behind the hack and gained entry to Dr.Net’s growth programs.
They allegedly had entry to Dr.Net’s community for roughly one month, which allowed them to steal round ten terabytes of knowledge, together with shopper databases, from the corporate’s GitLab, electronic mail, Confluence, and different compromised servers.
“We managed to hack into and offload the company GitLab server the place inner growth and initiatives have been saved, the company mail server, Confluence, Redmine, Jenkins, Mantis, RocketChat – programs the place growth was carried out and duties have been mentioned,” DumpForums stated.
ReliaQuest’s Risk Analysis Group says that DumpForums has been a web based “hub for hacktivists and patriotic cyber menace actors” since a minimum of late Could 2022.
Their efforts are targeted on supporting “the Ukrainian warfare effort towards Russia” via DDoS assaults and leaking info stolen from the Russian authorities and personal entities.
Dr.Net denies information theft claims
Immediately, Dr.Net printed a press release in response to their claims, confirming once more the September breach however saying that the assault was “promptly stopped.”
The Russian anti-malware firm added that it will not pay a ransom demand, which the attackers had since requested, and denied that buyer info was stolen within the assault.
“The primary purpose was to demand a ransom from our firm, however we’re not negotiating with the attackers. For the time being, legislation enforcement businesses are conducting an investigation, and due to this fact we can not give detailed feedback in order to not intrude with the investigation,” Dr.Net stated in a Wednesday Telegram submit.
“The data printed in Telegram is usually unfaithful, person information was not affected. Neither virus database updates nor software program module updates pose any security menace to our customers.”
Dr.Net has but to answer to a number of emails despatched by BleepingComputer to request extra info concerning the breach and DumpForums’ claims.
Dr.Net is the newest Russian cybersecurity firm that was focused and breached in a cyberattack.
In June, pro-Ukrainian hackers Cyber Anarchy Squad breached the Russian info security agency Avanpost, claiming to have leaked 390GB of stolen information earlier than encrypting over 400 digital machines.
One 12 months earlier, in June 2023, Kaspersky additionally disclosed that attackers contaminated iPhones on its community with adware through iMessage zero-click exploits, which focused iOS zero-day bugs as a part of a marketing campaign now often known as “Operation Triangulation.”
