Hackers Claim to Have Breached Moscow’s Department of Information Technology

According to experts from Data Leakage & Breach Intelligence (DLBI), the hacker group DumpForums has claimed responsibility for breaching the server of the Moscow Department of Information Technology (mos[.]ru/dit/). The attackers allege that they have stolen around 40 TB of data.

In their Telegram channel, the group stated that the breach supposedly occurred a year ago, and that they have remained inside the Department’s network ever since, as all attempts to block their access were “futile.”

“During our time inside, we managed to hack all technical resources of the Department, download 40 TB of databases from various Moscow resources including: EMIAS, IS UDRVS, the Mayor of Moscow’s Portal, SUDIR, and others. All obtained information was processed, the necessary data was extracted, and is already being used by us for other purposes,” DumpForums claimed.

To support their claims, the hackers published a dump containing a user table (cwd_user) from the internal resource jira.cdp.local. According to DLBI, the table contains 335,586 rows, including:

  • Username
  • Full name
  • Email address (288,395 addresses in the @mos.ru domain)
  • Registration and record update dates (from 05/24/2019 to 06/20/2023)
  • Internal identifiers

Researchers also note that, according to their information, a dump allegedly from zdrav.mos[.]ru, dated September 2023, appeared for sale on the dark web some time ago.

Representatives of the Moscow Department of Information Technology have not yet commented on the hackers’ claims.
