A Moscow court sentenced a hacker for hacking the Gemotest laboratory database

[Daniel]

Details of the hack have also been revealed. The Moscow City Court has rendered a verdict in the case of a hacker who hacked into the IT systems of the Gemotest medical laboratory. According to the verdict, the court sentenced the burglar under Part 3 of Article 272, Part 2 of Article 273 of the Criminal Code of the Russian Federation in the form of 1.5 years probation. The hacker gained access to the data using a compromised [email protected] account and PHP scripts (1650553341626171fd617886.05693802.php, db-informations.php, php-informations.php), including through the p0wny- web shell shell and a video upload form on the web service of the Corporate TV laboratory (corptv.gemotest.ru). From April 21 to May 3, 2022, a hacker and unidentified persons, using these scripts, downloaded data from the laboratory databases. In expert opinion No. 001/23 dated May 15, 2023, it was revealed that from April 21 to May 3, 2022, queries were made to the PHP script “db-informations.php”. The queries contained information including usernames and names of databases and tables. From the analysis of requests with the status “200”, indicating their successful completion, the expert revealed that requests from the user “itr-corptv” (“itr-corptv”) were sent to the “OrdersFromCACHE” and “MIS” databases ( "MIS") According to the log files, the data from the requests was sent to the IP address 10.132.132.132, which is likely part of the local network connecting the web server hosted on the virtual machine to the global Internet. According to the Telegram channel “Information Leaks”, Alekperov Fuad Maarif ogly, who was found guilty in court in this case, may have participated in other well-known cases of hacking and dissemination of personal data of clients of various companies. On May 3, 2022, the DLBI service reported a leak in the Hemotest client database containing personal data and test results. DLBI experts later found out that the leak occurred due to a vulnerability in the laboratory’s IT system. Gemotest began investigating the incident on May 4, and Roskomnadzor contacted the prosecutor's office. On May 18, the laboratory confirmed the hack, clarifying that the leak was smaller than reported on the Internet. On July 25, the Moscow Magistrate Court fined Gemotest 60 thousand rubles for leaking 300 GB of customer data. According to Roskomnadzor, the incident occurred due to the compromise of an employee’s account, which allowed hackers to download data. At the trial, representatives of the laboratory admitted the fact of the hacker attack, but denied their guilt and asked to drop the case.