Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
DNS (Digital Network System), a Russian retail chain, disclosed yesterday that its systems have been breached by a threat actor. The hackers exploited a security gap they found in the company’s IT system to access the data. As a result, the personal data of customers and employees leaked online. DNS is Russia’s second-largest store chain for computer and home appliances, with 2,000 stores and 35,000 employees.
The retailer clarified that data such as the users’ passwords and payment data have not been compromised by the threat actors, as they do not store the data on their systems.
The Breakdown of the Attack
The Russian retailer disclosed the security breach hours after the company’s data began leaking on a hacking forum. Allegedly, the group behind the attack is “NLB Team”. The attack happened on September 19th and the hackers managed to get access to the full names, usernames, email addresses, and phone numbers of 16 million DNS customers and employees.
DNS’ data leaked on hacker forum (Source)
We have already found gaps in the protection of our information infrastructure and are working to strengthen information security in the company.
The group managed to access the retailers’ data by exploiting a security breach, which DNS is working on remediating. The retailer has monthly traffic of 81.3 million visits, placing them in the top 30 most visited sites in Russia. Neither the volume or the type of stolen data has been officially confirmed by the company.
Russian Sites Under Threat
According to BleepingComputer, the attack on DNS is the work on pro-Ukranian hackers. Kyiv Post reports that key Russian companies are under threat of the so-called “National Republican Army” (NRA).
They claim that “Unisoftware,” a software development company that collaborates closely with the Russian government, the Central Bank, and the federal tax authority, is their first well-known victim.
According to reports, the hack involved the employment of a ransomware strain to inflict damage on the company, and the group also sent screenshots to the media as proof of their access.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.
