Bbabo NET


Rumors: Wildberries IT infrastructure may have been hacked

According to information from three different sources (AntiLocker, SecurityLab.ru and Launch Tomorrow), the IT infrastructure of Wildberries, the largest online retailer in the Russian Federation, may have been hacked. The attackers allegedly managed to destroy almost the entire IT infrastructure, including backups. After the attack, only the frontend remained available to the company, while the backend was deleted or encrypted.

Experts believe that the attack may have been organized by employees from the outside, since the company had a fairly good security system for the internal perimeter.

According to some reports, hackers from the OldGremlin group planted ransomware in the site's data, which caused a large-scale outage of Wildberries, and the company did not make contact with the attackers.

From an account given by one of those involved in the incident:

— How was it delivered? Phishing?

— Yes. Moreover, the entry points had been compromised more than a year ago.

— How is that? I.e., for a year there were callbacks of some kind, the antivirus was raising alerts... and nobody cared!?

— Yes, the thing is that nothing was alerting. Or nobody looked at the antivirus logs back then; at least my predecessor does not remember.

— So it was not the infection itself that came in through phishing, but the dropper? Or remote control?

— Yes, the user downloaded the dropper from the link. And then, when the laptop was outside the corporate network, the rest was downloaded, apparently. We are still analyzing. Apparently it downloaded while the laptop was outside the corporate network. Backups are deleted by these "comrades" before they start encrypting. In our case, the tape storage management server was also destroyed.

— So they were not powered off between storage rotations? Or was there no storage rotation? Or was there one, but it did not help? I mean, when for one week everything is written to one NAS (one group of disks in a NAS), and the next week to the second group of disks while the first one is completely offline, and so on in a circle, or at least as in Altaro: one copy is taken out of the network to a server that does not respond over conventional protocols.

— For certain reasons, there was no rotation or shutdown. I hope something will be fixed now.

On March 14, 2022, there was a global failure of Wildberries services. Users from different cities of the Russian Federation and neighboring countries complained en masse that they could not log in to the application and that orders were lost: nothing is displayed in the personal account, paid and delivered orders do not appear at the pickup point, information about upcoming delivery dates has disappeared, and it is impossible to pay for goods.

Wildberries denied the information about the malfunction.

“The information about the failure is not true: orders at the pickup points and through couriers are being issued in the standard mode, there are no changes. There are errors in the operation of Wildberries services, but they will be fixed in the near future,” a company representative explained.

12 hours after the incident, Wildberries reported that the company's IT specialists had eliminated more than 70% of the errors on the site and in the applications. In the Wildberries mobile applications on iOS and Android, customers can already place and pay for orders. Errors in placing orders on the site will be corrected in the near future.

Wildberries clarified that the personal and financial information of users was not affected: bank card data is securely protected in accordance with the Payment Card Industry Data Security Standard (PCI DSS), which was developed by leading international payment-system operators.
