Coca-Cola at center of new Stormous hacking claims

Beverage manufacturing behemoth Coca-Cola is currently investigating a report that data stolen from its network is being sold by cyber criminals.

The Russia-linked hacking group behind Stormous ransomware claims to have stolen 161 GB of data from Coca-Cola.

The list of stolen files, seen by CISOAdvisor, shows file names that likely contain financial data, passwords and commercial accounts.

The Coca-Cola listing on the Stormous leak site asks for 1.6bn bitcoin and just over $64,000 in return for the stolen data.

In the listing, the hacking group said: “We hacked some of the company’s servers and passed a large amount of data inside.”

While Coca-Cola has not officially confirmed that the data has been stolen, it told BleepingComputer that it was investigating the alleged attack.

It has also been reported that Stormous ransomware listed Coca-Cola as a potential target in a poll on its Telegram group earlier in April. Alongside Coca-Cola, the other companies in the poll included toy manufacturer Mattel, medical device maker Danaher, IT services company Blackboard and aerospace giant GE Aviation. Coca-Cola received 72 per cent of the vote in the poll.

Stormous

Earlier in 2022, the Stormous group claimed to have obtained 200GB of data belonging to Epic Games, including the information of 33 million users.

According to threat intelligence firm SOCRadar, the group is seeking to take advantage of the tensions between Russia and Ukraine.

SOCRadar said its analysts suspect the group is trying to make a name for itself by using the agenda of ransomware groups like Conti.

A Telegram post by the group said: “We do not attack Ukraine !!! We are attacking something else !! We attack everyone who attacks us !”

SOCRadar notes that while the group has made numerous claims that it has attacked western companies, there has been no confirmation of such attacks by the supposed victims.

Digital Recovery, a company specializing in data recovery technologies, has observed that the group’s tactics include double extortion, which combines encryption and data theft.

“The stolen files are leaked if the victim does not pay the ransom. The group has been leaking the files of the attacked companies,” Digital Recovery explains.
