Russian cybersecurity company Dr.Web shuts down all servers following security breach

18 Sep 2024


On Tuesday, Russian cybersecurity firm Doctor Web (Dr.Web) revealed that it had suffered a security breach over the weekend. The company detected “unauthorized interference” within its IT infrastructure and promptly disconnected all servers from its internal network as a precaution.

As a result of the attack, Dr.Web had to halt virus database updates for customers on Monday while it conducted an investigation. The breach reportedly began on Saturday, September 14, 2024, but Dr.Web claims to have closely monitored and controlled the situation. In a statement, the company said that the attack was successfully thwarted and that no users of its antivirus software were affected.

By Tuesday, Dr.Web had resumed virus database updates, and the company emphasized that the security breach did not impact any customers. Dr.Web outlined the measures taken in response to the breach, including the use of its own tool, Dr.Web FixIt! for Linux, which helped security experts isolate the threat and prevent further damage.

A spokesperson for Dr.Web did not respond to inquiries from BleepingComputer on Tuesday.

Dr.Web is the latest Russian cybersecurity firm to be targeted in cyberattacks in recent years. Earlier incidents include pro-Ukrainian hackers Cyber Anarchy Squad breaching Russian firm Avanpost in June, stealing and leaking 390GB of data. Additionally, in June 2023, Kaspersky disclosed that iPhones on its network had been infected with spyware through iMessage zero-click exploits, as part of an ongoing campaign known as “Operation Triangulation,” which started in 2019.