Posted on October 4, 2022 at 4:56 PM
Russia’s second-largest retail chain exploited by hackers
Digital Network System (DNS), one of the largest retail chains in Russia, has admitted to suffering a data breach that exposed the personal details of customers and the company’s employees.
DNS admits to a data breach exposing customer and employee information
DNS is the second-largest computer and home appliances store in Russia. The retail giant has 2000 branches and 35,000 employees. Therefore, the extent of this data breach could be massive.
The few details provided about this breach during the announcement said that the exploit was conducted by some hackers based outside the Russian Federation. These threat actors exploited a security vulnerability within the company’s IT systems. Following this breach, the hackers managed to access customer and employee information.
In the announcement, DNS added that they had detected the security weaknesses exploited by the attackers. The retail chain also added that it was working on strengthening its cybersecurity systems to guarantee such a breach will not happen again.
“We have already found gaps in the protection of our information infrastructure and are working to strengthen information security in the company,” the retail chain added.
The company has not given any details on the kind of information that the attackers accessed. However, it noted that the stolen information did not include login information, such as user passwords. DNS has also said that the hackers did not steal payment card data, adding that such data was not stored within their systems.
DNS issued a statement admitting to the data hours after an attacker started leaking data from the company through a hacking forum. While publishing this data on the forum, the threat actor behind the breach was known as the “NLB Team.”
The data in question was stolen on September 19. The attackers managed to walk away with information such as the full names, usernames, email addresses, and phone numbers of the customers and employees of the retail chain. The information stolen by the attacker belongs to 16 million people.
DNS is one of the most visited stores in Russia. Data from SimilarWeb shows that DNS-shop.ru gets massive traffic, with around 81.3 million monthly visits. The site ranks as one of the most visited sites in Russia. Therefore, the number of individuals affected by this breach could be accurate.
DNS has yet to confirm the accuracy of the information published in the hacking forum and whether the details published by the hacking group are the same as those stolen from the platform.
The same threat actor that leaked the stolen information from DNS said they had a database of other organizations in Russia. The organizations the hacker alleges to have infiltrated and stolen data from include Cherlock.ru, a portal for legal information, and CDEK.market, an e-commerce platform for consumer goods.
Russian organizations face increased threats of hacking attacks
The attack against one of the largest retail chains in Russia has reportedly been made by hackers that are pro-Ukrainian. However, details have also emerged showing a growing threat to Russian organizations and websites.
A report by Kyiv Post has said that hackers linked to the “National Republican Army” are launching attacks against several Russian companies. The NRA is an organization that includes dissidents that want to remove the current Russian government.
The hackers seem to be already causing harm to the targeted organizations. The first high-profile victim of this attack is “Unisoftware.” The latter is a software development company that works alongside the Russian government and key institutions such as the Central Bank and the federal tax service.
The attack in question also involved the hackers deploying a ransomware strain that caused the damage. The group has also shared screenshots with the publication to be used as evidence that they accessed these servers.
There is no clear indication of how much access the hackers obtained to Unisoftware’s IT systems. However, while speaking to Kyiv Post, one of the attackers said it was funny because they tried to kick them out and fix the machines.
One of the members of the NRA has also mocked the urgent efforts being made by Unisoftware to salvage their data. The NRA member said, “Change your passwords and try to restore your data. We’ve stolen your passwords each and every time. We think we have enough data at this time to make your lives very difficult if you do not pay.”