
Cyber Incident Victim: DNS

Date: Sep 2022

Location: Russia

Summary

A Russian retail chain, Digital Network System (DNS), suffered a data breach when external hackers exploited a security vulnerability, compromising personal information of customers and employees. The attackers, allegedly the pro-Ukrainian 'NLB Team,' leaked data including full names, usernames, email addresses, and phone numbers for approximately 16 million individuals. The company confirmed that passwords and payment details were unaffected because it did not store them. The incident prompted the firm to address security gaps in its IT infrastructure. It occurred amid broader cyberattacks targeting Russian entities by groups including those affiliated with Ukrainian interests or internal dissident movements.

CIA Posture: Available to members
Motives: 2 motives
Tactics, Techniques & Procedures: 1 technique
Threat Actor: 1 actor
Type: Available to members
Location: Available to members

Description

On or around September 19, 2022, Russian retail chain Digital Network System (DNS) experienced a cybersecurity incident in which external attackers exploited a security gap in the company's IT infrastructure. DNS, Russia's second-largest computer and home appliance retailer with 2,000 stores and 35,000 employees, confirmed the breach on October 3, 2022, after hackers leaked stolen data online. The attackers, described as residing outside Russia, accessed personal information belonging to customers and employees. While DNS did not specify the exact scope or volume of compromised data, a threat actor subsequently leaked datasets on a hacking forum claiming to contain information for 16 million individuals. The leaked records allegedly included full names, usernames, email addresses, and phone numbers of both customers and staff members. DNS clarified that payment card details and user passwords remained unaffected, as the company did not store such information in its systems. The breach disclosure coincided with the appearance of this data dump, which was attributed to a group calling itself 'NLB Team.'


DNS responded by identifying vulnerabilities in its information infrastructure and initiating efforts to strengthen security measures. The company's announcement provided minimal technical details about the attack vector or containment procedures. Concurrently, reports emerged linking the incident to broader cyber campaigns against Russian organizations, with the Kyiv Post identifying a new threat actor called the "National Republican Army" (NRA) targeting government-affiliated entities like software firm Unisoftware. The same forum user who leaked the DNS data had previously marketed databases from other Russian companies, including legal portal Cherlock.ru and e-commerce platform CDEK.market. While pro-Ukrainian affiliations were suggested for some attackers, no group formally claimed responsibility for the DNS breach. The incident exposed sensitive personal information of millions, but financial impacts were avoided because of DNS's data storage practices. No further technical specifics about system remediation or forensic findings were disclosed by the retailer.
