Dr.Web hacker

On Tuesday, Russian anti-malware company Doctor Web (Dr.Web) disclosed a security breach after its systems were targeted in a cyberattack over the weekend.

Dr.Web disconnected all servers from its internal network after detecting "signs of unauthorised interference" to its IT infrastructure.

The company was also forced to stop delivering virus database updates to customers on Monday while investigating the breach.

"The attack on our resources began on Saturday, September 14, 2024. We closely monitored it and kept the events under control," the company said.

"The attempt to harm our infrastructure was prevented in a timely manner, and no user whose system was protected by Dr.Web was affected," it added in a separate statement in English, published on its official website.

"Following established security policies, we disconnected all our servers from the network and initiated comprehensive security diagnostics."

In a new statement published on Wednesday, Dr.Web stated that virus database updates resumed on Tuesday and added that the security breach didn't impact any of its customers.

Dr.Web breach tweet

​"To analyse and eliminate the incident's consequences, we implemented a series of measures, including the use of Dr.Web FixIt! for Linux," the company said.

"The gathered data allowed our security experts to successfully isolate the threat and ensure that our customers remained unaffected by it."

A Dr.Web spokesperson didn't reply to a request for comment when BleepingComputer reached out multiple times on Tuesday.

Dr.Web is the last in a series of Russian cybersecurity companies targeted in cyberattacks in recent years. For instance, pro-Ukrainian hackers Cyber Anarchy Squad breached Russian information security firm Avanpost in June and leaked what they claimed to be 390GB of data stolen before encrypting over 400 virtual machines.

Kaspersky also revealed in June 2023 that iPhones on its network were infected with spyware via iMessage zero-click exploits that targeted iOS zero-day bugs as part of a campaign now known as "Operation Triangulation."

The company said at the time that the attacks, which affected its Moscow office and employees in other countries, started in 2019 and were still ongoing.

Related Articles:

Recent Dr.Web cyberattack claimed by pro-Ukrainian hacktivists

Washington courts' systems offline following weekend cyberattack

US warns of last-minute Iranian and Russian election influence ops

Nokia investigates breach after hacker claims to steal source code

LA housing authority confirms breach claimed by Cactus ransomware