Russian security firm Dr.Web disconnects all servers after breach
On Tuesday, Russian anti-malware company Doctor Web (Dr.Web) disclosed a security breach after its systems were targeted in a cyberattack over the weekend.
Dr.Web disconnected all servers from its internal network after detecting "signs of unauthorised interference" to its IT infrastructure.
The company was also forced to stop delivering virus database updates to customers on Monday while investigating the breach.
"The attack on our resources began on Saturday, September 14, 2024. We closely monitored it and kept the events under control," the company said.
"The attempt to harm our infrastructure was prevented in a timely manner, and no user whose system was protected by Dr.Web was affected," it added in a separate statement in English, published on its official website.
"Following established security policies, we disconnected all our servers from the network and initiated comprehensive security diagnostics."
In a new statement published on Wednesday, Dr.Web stated that virus database updates resumed on Tuesday and added that the security breach didn't impact any of its customers.
"To analyse and eliminate the incident's consequences, we implemented a series of measures, including the use of Dr.Web FixIt! for Linux," the company said.
"The gathered data allowed our security experts to successfully isolate the threat and ensure that our customers remained unaffected by it."
A Dr.Web spokesperson didn't reply to a request for comment when BleepingComputer reached out multiple times on Tuesday.
Dr.Web is the last in a series of Russian cybersecurity companies targeted in cyberattacks in recent years. For instance, pro-Ukrainian hackers Cyber Anarchy Squad breached Russian information security firm Avanpost in June and leaked what they claimed to be 390GB of data stolen before encrypting over 400 virtual machines.
Kaspersky also revealed in June 2023 that iPhones on its network were infected with spyware via iMessage zero-click exploits that targeted iOS zero-day bugs as part of a campaign now known as "Operation Triangulation."
The company said at the time that the attacks, which affected its Moscow office and employees in other countries, started in 2019 and were still ongoing.
source: BleepingComputer
Free security scan for your website
Top News:
Hackers now use AppDomain Injection to drop CobaltStrike beacons
August 24, 2024New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks
November 12, 2024Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority
November 19, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024