It has been detected that GhostSec threat actors have targeted the Russia-based domain registrar Domain.ru, and they have published posts claiming that critical corporate data has been compromised.
In the post, the threat actors published a ZIP archive containing images and spreadsheets allegedly belonging to Domain.ru. The .md file called "Readme" included in the ZIP archive states that the attackers discovered multiple SQL files of 4TB during the attack, but the files could not be seized, and malicious requests were blocked by IDS (Intrusion Detection System) solutions. The post and proof images of the finding are given below:
This and similar security breaches pose a severe risk to customers of domain registration companies. In this context, Domain.ru customers are advised to change the passwords of their registered accounts in line with strong password policies, activate 2FA/MFA features, and monitor their accounts for anomalous activity. In addition, customers should stay aware of data leaked on the internet, which may be used in advanced phishing attacks.