Russia-supporting cyber crime gang claims Coca-Cola as sufferer
Stormous cyber crime collective claims to beget stolen 161GB of recordsdata from Coca-Cola, and says it plans to sell it off
Printed: 27 Apr 2022 14: 12
A cyber criminal gang going by the moniker Stormous claims to beget stolen a 161GB trove of recordsdata from gentle drinks manufacturer Coca-Cola, and is ransoming it for approximately $64,000 (£50,840).
In screengrabs posted to Twitter (ticket below), the crowd acknowledged it had hacked a vary of Coca-Cola’s servers and intended to sell the data on.
Coca-Cola has confirmed it’s miles responsive to the crowd’s claims, but gave no extra recordsdata. In an announcement circulated to media, the company’s communcations vice-president Scott Leith acknowledged: “We’re responsive to this topic and are investigating to settle the validity of the convey.”
Leith went on to substantiate that the Atlanta, Georgia-essentially based entirely firm is coordinating its response with legislation enforcement.
Minute is in the mean time known about the Stormous gang, which looks a relative newcomer to the cyber criminal underground.
It’s some distance feasible its core participants are positioned in an Arabic-speaking nation, and the team has beforehand attain out in make stronger of Russia’s battle on Ukraine, which has led to speculation that its victimisation of Coca-Cola is a response to the organisation pulling out of the Russian market.
Coca cola hacked pic.twitter.com/cVpKCTcD8T
– Clandestine (@akaclandestine)
April 25, 2022
Fixed with Bleeping Pc, even even supposing the team has beforehand claimed to be a ransomware operator, there may be largely no evidence that it has deployed any ransomware on any of its victims’ networks.
This implies that the team is merely exfiltrating data fairly than encrypting it, a tactic held in frequent with the impartial lately disrupted Lapsus$ cyber crime gang.
Additionally in frequent with Lapsus$, Stormous has been stuffed with life on the encrypted Telegram communications platform, where it has polled participants of the public on which sufferer to goal next.
Commenting on the incident, ProPrivacy’s Ray Walsh described the allegations by Stormous as “extraordinarily unnerving”.
“If accurate, the stolen data is at likelihood of be extraordinarily tranquil and is at likelihood of be feeble to grab in fraud and identity theft, inserting quite a lot of of hundreds of folks and companies at likelihood,” he acknowledged. “The reality that this hack has been orchestrated by the Stormous hacking collective, which already expressed its make stronger for the battle in Ukraine, is extraordinarily being concerned.
“It’s no longer but obvious what the hackers intend to attain with the income raised by selling the stolen Coca-Cola data. On the opposite hand, it seems there could be a obvious possibility that the money may perchance well perchance filter encourage to Putin to abet fund the continued battle in Ukraine.”
Egnyte’s cyber safety evangelism director, Neil Jones, added that despite the reality that Stormous modified into mendacity or exaggerating its claims, it has already scored a large success, to some stage.
“The alleged data breach demonstrates that even doubtless breaches can affect an organisation’s ticket status and necessitate formal media responses by the firm,” he acknowledged.
“Despite the reality that small print of the incident are tranquil emerging, an effective incident response blueprint wants to account for doubtless assaults that abolish from financially motivated cyber attackers, disgruntled insiders and even opponents who are making an strive to prevail in an edge in a predominant market.”
Pc Weekly contacted Coca-Cola for extra small print of the investigation, but the organisation had no longer replied at the time of newsletter.