October 9, 2024 at 11:55AM
The pro-Ukrainian hacktivist group DumpForums claimed responsibility for a September breach of Russian security company Doctor Web and for accessing and stealing approximately ten terabytes of data. Doctor Web confirmed the breach but denied the data theft claims and refused to negotiate over ransom demands, stating that an investigation is ongoing and that user data remains secure.
### Meeting Takeaways
1. **Incident Overview**:
   - Pro-Ukrainian hacktivist group DumpForums has claimed responsibility for a security breach at Russian security company Doctor Web (Dr.Web) on September 14.
   - Dr.Web confirmed the breach and disconnected its internal servers to investigate the incident, halting virus database updates.
2. **Data Compromised**:
   - The hack reportedly lasted about one month, resulting in the theft of approximately ten terabytes of data, including client databases and access to various internal systems (GitLab, email servers, Confluence, etc.).
3. **Hacktivist Activities**:
   - DumpForums has been identified as a platform for hacktivists and cyber threat actors since late May 2022, engaging in cyber activities supportive of Ukraine’s efforts against Russia.
4. **Dr.Web’s Response**:
   - Dr.Web has denied claims about the theft of customer data and stated that the breach was swiftly contained.
   - The company has refused to negotiate with the attackers regarding ransom demands and has stated that user data was unaffected.
5. **Ongoing Investigations**:
   - Dr.Web is cooperating with law enforcement in their investigation of the breach and cannot provide further details at this time.
6. **Recent Cybersecurity Trends**:
   - This breach is part of a larger trend where Russian cybersecurity firms have been increasingly targeted by pro-Ukrainian hacktivists, including previous incidents involving Cyber Anarchy Squad and Kaspersky.
7. **Media Engagement**:
   - Dr.Web has not yet responded to multiple inquiries from media outlets regarding the breach and claims made by DumpForums.
### Action Items
- Follow up for further details on Dr.Web’s data loss claims and updates on the law enforcement investigation.
- Monitor future communications from relevant hacktivist groups and potential implications for cybersecurity strategies.