Source: https://cobaltstrike.net/2022/03/15/hacker-group-oldgremlin-attacked-wildberries/
On the morning of March 14, the Wildberries website stopped working properly. The company's administration stated that the reasons for the outage are purely technical, but the site's operation has not been restored for 10 hours.
According to several sources, the Wildberries website was hacked by the foreign hacker group OldGremlin, which not only disrupted the site's operation but also seized control of it.
The OldGremlin hackers planted an encryption virus in the site's data, which caused a large-scale malfunction of Wildberries.
On the morning of March 14, users of the Wildberries online store began to complain en masse about failures of the service, both in the desktop version and in the mobile application.
According to Wildberries, by 20:00 the company's IT specialists had eliminated more than 70% of the errors in the operation of the site and applications. In the mobile applications, users can already place and pay for orders. Errors in placing orders on the website will be fixed soon.
According to unconfirmed reports, work has not yet been restored. Only the frontend works; the entire backend is encrypted.
OldGremlin became known 2 years ago, when Group-IB specialists reported on a new Russian-speaking cybercrime group that, over the preceding six months, had repeatedly and purposefully attacked Russian companies and organizations using malware and ransomware. The group holds the record for the largest ransom demanded: in 2021 it expected to receive 250 million rubles from the victim.