Russian cyber firm Dr.Web says services are restored after ‘targeted cyberattack’

Popular Russian antivirus developer Dr.Web said it has resumed operations after suffering a security breach over the weekend.

In a statement on Tuesday, the company said that the cyberattack was successfully “repelled” and “none of the Dr.Web users were affected.”

Dr.Web has been around for more than 20 years and is considered one of Russia’s largest domestic antivirus developers. Its services protect, among others, Russian critical infrastructure facilities, as well as the banking and telecom industries.

The company said earlier this week that it suffered “a targeted cyberattack” on its infrastructure, forcing Dr.Web to disconnect all resources from the network during the investigation. Because of the attack, the company couldn’t update its virus and malware database for several days.

In the latest statement, Dr.Web said that it had resumed operations and can now provide updates to its virus database. Some of the services are still under repair, the company said on its Telegram channel Wednesday. For example, the repository for UNIX systems, where software packages or source code is stored and made available for installation or distribution, is not yet available.

Dr.Web hasn’t disclosed any details about the cyberattack, who was behind it, or how the company’s infrastructure had been compromised. The company did not respond to a request for comment by the time of publication.

This is not the first time Russian cybersecurity firms have become the target of hackers. Earlier in July, a pro-Ukrainian hacker group known as Cyber Anarchy Squad claimed it had hacked the Russian information security firm Avanpost and leaked a trove of its data.

Avanpost, which has been operating in Russia for 15 years, develops authorization and authentication systems for local businesses. Its customers include Russian airports, a large water supply company and telecom service providers.

Last June, pro-Ukrainian hackers also hit a Russian internet and telecommunications company, Infotel, used mostly by banks and online stores, with a “massive” cyberattack. Infotel confirmed the attack, saying that the hackers damaged its network equipment.