Article Details
Scrape Timestamp (UTC): 2024-09-18 15:54:38.535
Original Article Text
Click to Toggle View
Russian security firm Dr.Web disconnects all servers after breach. On Tuesday, Russian anti-malware company Doctor Web (Dr.Web) disclosed a security breach after its systems were targeted in a cyberattack over the weekend. Dr.Web disconnected all servers from its internal network after detecting "signs of unauthorised interference" to its IT infrastructure. The company was also forced to stop delivering virus database updates to customers on Monday while investigating the breach. "The attack on our resources began on Saturday, September 14, 2024. We closely monitored it and kept the events under control," the company said. "The attempt to harm our infrastructure was prevented in a timely manner, and no user whose system was protected by Dr.Web was affected," it added in a separate statement in English, published on its official website. "Following established security policies, we disconnected all our servers from the network and initiated comprehensive security diagnostics." In a new statement published on Wednesday, Dr.Web stated that virus database updates resumed on Tuesday and added that the security breach didn't impact any of its customers. "To analyse and eliminate the incident's consequences, we implemented a series of measures, including the use of Dr.Web FixIt! for Linux," the company said. "The gathered data allowed our security experts to successfully isolate the threat and ensure that our customers remained unaffected by it." A Dr.Web spokesperson didn't reply to a request for comment when BleepingComputer reached out multiple times on Tuesday. Dr.Web is the last in a series of Russian cybersecurity companies targeted in cyberattacks in recent years. For instance, pro-Ukrainian hackers Cyber Anarchy Squad breached Russian information security firm Avanpost in June and leaked what they claimed to be 390GB of data stolen before encrypting over 400 virtual machines. Kaspersky also revealed in June 2023 that iPhones on its network were infected with spyware via iMessage zero-click exploits that targeted iOS zero-day bugs as part of a campaign now known as "Operation Triangulation." The company said at the time that the attacks, which affected its Moscow office and employees in other countries, started in 2019 and were still ongoing.
Daily Brief Summary
Russian anti-malware company Dr.Web disclosed a security breach occurring over the weekend, leading to a temporary suspension of virus database updates to customers.
Dr.Web detected unauthorized interference in its IT infrastructure, prompting a complete disconnection of all servers from their internal network to safeguard data and systems.
The attack began on Saturday, September 14, 2024, but was swiftly contained by Dr.Web, preventing damage to their infrastructure and keeping customer systems protected.
Comprehensive security diagnostics and measures, including deploying Dr.Web FixIt! for Linux, were initiated to analyze and eliminate the consequences of the incident.
Virus database updates were resumed on Tuesday following the breach, with assurances from Dr.Web that the security breach had not impacted any customers.
The incident adds Dr.Web to a growing list of Russian cybersecurity firms targeted in recent cyberattacks, with previous breaches reported at other major Russian security companies.