Russian security firm Dr.Web disconnects all servers after breach
On Tuesday, Russian anti-malware company Doctor Web (Dr.Web) disclosed a security breach after its systems were targeted in a cyberattack over the weekend.
Dr.Web disconnected all servers from its internal network after detecting "signs of unauthorised interference" to its IT infrastructure.
The company was also forced to stop delivering virus database updates to customers on Monday while investigating the breach.
"The attack on our resources began on Saturday, September 14, 2024. We closely monitored it and kept the events under control," the company said.
"The attempt to harm our infrastructure was prevented in a timely manner, and no user whose system was protected by Dr.Web was affected," it added in a separate statement in English, published on its official website.
"Following established security policies, we disconnected all our servers from the network and initiated comprehensive security diagnostics."
In a new statement published on Wednesday, Dr.Web stated that virus database updates resumed on Tuesday and added that the security breach didn't impact any of its customers.
"To analyse and eliminate the incident's consequences, we implemented a series of measures, including the use of Dr.Web FixIt! for Linux," the company said.
"The gathered data allowed our security experts to successfully isolate the threat and ensure that our customers remained unaffected by it."
A Dr.Web spokesperson didn't reply to a request for comment when BleepingComputer reached out multiple times on Tuesday.
Dr.Web is the last in a series of Russian cybersecurity companies targeted in cyberattacks in recent years. For instance, pro-Ukrainian hackers Cyber Anarchy Squad breached Russian information security firm Avanpost in June and leaked what they claimed to be 390GB of data stolen before encrypting over 400 virtual machines.
Kaspersky also revealed in June 2023 that iPhones on its network were infected with spyware via iMessage zero-click exploits that targeted iOS zero-day bugs as part of a campaign now known as "Operation Triangulation."
The company said at the time that the attacks, which affected its Moscow office and employees in other countries, started in 2019 and were still ongoing.
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2018-8639 Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
CVE-2025-0111 Palo Alto Networks PAN-OS File Read Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2024-50302 Linux Kernel Use of Uninitialized Resource Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
InformationalInformation Disclosure - Suspicious Comments
HighPII Disclosure
Free online web security scanner
