A Moscow court has sentenced a hacker for hacking the database of the Hemotest laboratory

Details of the hack were also revealed.

The Moscow City Court issued a verdict in the case of a hacker who broke into the IT systems of the Hemotest medical laboratory. According to the verdict, the court sentenced the hacker to 1.5 years of probation under Part 3 of Article 272 and Part 2 of Article 273 of the Criminal Code of the Russian Federation.

The hacker accessed the data using a compromised account [email protected] and PHP scripts (1650553341626171fd617886.05693802.php, db-informations.php, php-informations.php), including via the p0wny-shell web shell and the video upload form on the laboratory's Corporate TV web service (corptv.gemotest.ru). From April 21 to May 3, 2022, the hacker and unidentified individuals used these scripts to download data from the laboratory's databases.

Expert opinion No. 001/23 of May 15, 2023 revealed that requests to the PHP script "db-informations.php" were made from April 21 to May 3, 2022. The requests contained information including user names and the names of databases and tables.

From the analysis of requests with the status "200", which indicates successful execution, the expert found that requests from the user "itr-corptv" were sent to the databases "OrdersFromCACHE" and "MIS". According to the log files, data from the requests was sent to the IP address 10.132.132.132, which is probably part of the local network that connects the web server hosted on the VM to the global Internet.

According to the Telegram channel "Information Leaks", Fuad Maarif oglu Alekperov, who was found guilty in court in this case, may have participated in other well-known cases of hacking and distributing personal data of clients of various companies.

On May 3, 2022, the DLBI service reported a leak of the Hemotest customer database containing personal data and test results. Later, DLBI experts found out that the leak occurred due to a vulnerability in the laboratory's IT system.

Hemotest launched an investigation into the incident on May 4, and Roskomnadzor appealed to the prosecutor's office. On May 18, the lab confirmed the hack, adding that the leak was smaller than reported online. On July 25, the Moscow Magistrate's Court fined Hemotest 60 thousand rubles for leaking 300 GB of customer data.

According to Roskomnadzor, the incident occurred due to the compromise of an employee's account, which allowed hackers to upload data. At the trial, representatives of the laboratory admitted that the hacker attack had taken place, but denied their guilt and asked for the case to be dropped.
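
The log review attributed to the expert opinion above (successful requests to the listed PHP scripts, broken down by database user and database) can be reproduced on a web server's access log along these lines. This is an added example, not code from the case file or the original post; the log format, the `/uploads/` path, the query parameter names (`user`, `db`, `table`) and every sample line are constructed assumptions.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath
from urllib.parse import urlsplit, parse_qs

# Script names as reported in the article.
SUSPECT_SCRIPTS = {"db-informations.php", "php-informations.php",
                   "1650553341626171fd617886.05693802.php"}

# Combined-log-format prefix: client, timestamp, request line, status, size.
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
                     r'(?P<status>\d{3}) (?P<size>\d+|-)')

# Constructed sample lines: paths, parameter names, table names and sizes are
# assumptions for illustration, not values from the case.
SAMPLE_LOG = '''\
10.132.132.132 - - [21/Apr/2022:14:02:11 +0300] "GET /uploads/db-informations.php?user=itr-corptv&db=MIS&table=example_a HTTP/1.1" 200 48211
10.132.132.132 - - [21/Apr/2022:14:02:40 +0300] "GET /uploads/db-informations.php?user=itr-corptv&db=OrdersFromCACHE&table=example_b HTTP/1.1" 200 91530
10.132.132.132 - - [22/Apr/2022:09:15:03 +0300] "GET /uploads/db-informations.php?user=itr-corptv&db=MIS&table=example_c HTTP/1.1" 500 312
10.132.132.132 - - [22/Apr/2022:09:16:47 +0300] "GET /index.php?page=video HTTP/1.1" 200 5120
truncated line without a request field
'''

def script_hits(log_text, status="200"):
    """Yield parsed requests to the listed scripts that returned `status`."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != status:
            continue  # skip malformed lines and requests with another status
        url = urlsplit(m["target"])
        script = PurePosixPath(url.path).name
        if script not in SUSPECT_SCRIPTS:
            continue
        q = parse_qs(url.query)
        yield {"ip": m["ip"], "ts": m["ts"], "script": script,
               "user": q.get("user", ["?"])[0], "db": q.get("db", ["?"])[0],
               "bytes": 0 if m["size"] == "-" else int(m["size"])}

def summarize(hits):
    """Total requests and response bytes per (user, database) pair."""
    totals = defaultdict(lambda: {"requests": 0, "bytes": 0})
    for h in hits:
        totals[(h["user"], h["db"])]["requests"] += 1
        totals[(h["user"], h["db"])]["bytes"] += h["bytes"]
    return dict(totals)

if __name__ == "__main__":
    for key, total in summarize(script_hits(SAMPLE_LOG)).items():
        print(key, total)
```

Response sizes summed per database give a rough lower bound on how much data left through each script, which is what makes status-200 filtering useful when scoping a leak.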