You can start editing, please remove this line.

The Russian software company Kaluga Astral said on Monday that it had been hit by a cyberattack earlier this month that disrupted several of its services for about a week, affecting customers that rely on its software for tax reporting, electronic document management and other business operations.

“We are bringing each service back online only after completing a full security review — we are not willing to compromise security for the sake of speed. That is why the recovery process is taking longer than we would like,” the company said.

Russian government agencies are involved in the investigation, limiting the company's ability to comment publicly on the attack, Astral said.

The company's internal investigation found no evidence that customer data had been leaked or compromised. Astral did not attribute the attack to any hacking group and disclosed no technical details or possible motive behind the incident.

According to customer complaints, the disruption affected a range of services used by businesses, leading to interruptions in cash register operations, difficulties selling certain regulated goods, loss of access to customer portals and corporate email and problems with electronic human resources document management systems and authentication using digital certificates.

Kaluga Astral develops electronic document management software, digital reporting systems for government agencies and cybersecurity products. Founded in 1993, the company reportedly serves government institutions, banks and large state-owned enterprises, including Russian Post and Moscow public transport operator Mosgortrans.

The incident is not the first cyberattack to affect Astral. In 2022, the company said it was hit by a distributed denial-of-service (DDoS) attack that disrupted some of its services and interfered with customers' reporting processes. The threat actor behind that attack remains unknown.In 2023, the IT Army of Ukraine, a volunteer hacktivist collective, listed Astral among its intended targets. It remains unclear whether the group ever successfully attacked the company, and there is no evidence linking it to the latest incident.

In 2023, the IT Army of Ukraine, a volunteer hacktivist collective, listed Astral among its intended targets. It remains unclear whether the group ever successfully attacked the company, and there is no evidence linking it to the latest incident.