
SecurityWeek


Doctor Web Refutes Hackers’ Claims of User Data Theft

Doctor Web says no development or user data was compromised after pro-Ukraine hacktivists claimed the theft of 10 TB of files.


Russian antimalware firm Doctor Web on Wednesday refuted hackers’ claims that development and user data was stolen in a September hack.

In mid-September, the security company said it had thwarted a cyberattack aimed at its infrastructure, and that it had taken its systems offline to investigate the incident.

Doctor Web said at the time that it had decided to observe the attackers’ movement after detecting the intrusion, and that the assault had no effect on users’ systems protected by its antivirus solution Dr.Web.

In a Wednesday statement, the company revealed that the attackers were looking to extort it, but provided no further details, citing an ongoing law enforcement investigation.

“We managed to promptly thwart the attack and then proceeded by disconnecting our systems from the network for a thorough examination in accordance with our established security policy. The attackers intended to demand a ransom from Doctor Web, but we never negotiate with perpetrators,” the company said.

Referring to a Telegram post by pro-Ukrainian hacktivist group DumpForums claiming that the compromise led to the theft of 10 terabytes of data, Doctor Web said that the attackers’ claims are exaggerated.

“Most of the claims that appeared in Telegram are false. Our development environment and customer information haven’t been affected by the attack. Our software module and virus database updates pose no threat whatsoever to Dr.Web users,” the company said.

However, Doctor Web also noted that it was analyzing screenshots that DumpForums posted on Telegram as proof of data theft “to ensure that no portion of our relevant data has been compromised”.

The hacktivists, on the other hand, said they had access to the antimalware firm’s network for roughly a month, breaking into the company’s GitLab environment, corporate email and development servers, various internal resources, and the company’s domain controller.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
