Russian-Linked Hackers Stormous Claim To Have Pwned Coca Cola

A group of Russian-linked hackers named Stormous claimed that they have pwned Coca Cola:

A ransomware gang known as STORMOUS has claimed responsibility for the attack. The Russian-affiliated hacking group claims it hacked some of Coca-Cola’s servers, making off with around 161 GB of information without the company’s knowledge. STORMOUS is apparently looking to sell off the data for $64,396.67 or 1.6467 BTC.

Though the group is relatively new — first appearing in late 2021 — this isn’t the first time it has claimed a high-profile cyber theft. Earlier this year, STORMOUS claimed a breach of Epic Games, attempting to sell off over 200GB of data.

It has not yet been confirmed or verified by cybersecurity analysts and experts if Epic Games, nor any of STORMOUS’s other alleged victims, has actually been breached or not.

Coca Cola had this to say:

In response to the claims, a Coca-Cola spokesperson told The Record that the company has informed law enforcement about the possible breach. Scott Leith, the company’s communications vice president released a statement saying: “We are aware of this matter and are investigating to determine the validity of the claim.”

Anurag Gurtu, CPO of StrikeReady had this comment:

Well, time will tell if we are seeing a wave of Russian-backed threat actors compromising big organizations such as Coca-Cola.

Known for its website defacement and information theft, the Stormous ransomware gang represents itself as a group of Arabic-speaking hackers. The group has been active since 2021, and recently announced its support for the Russian government and its intention to attack Ukrainian government institutions. This ransomware provides the actor with the ability to upload custom payloads to the affected server via open-source resources such as Pastebin and remote upload. Since the actor can modify encryption and decryption keys, as well as copy ransom messages in the wild, the actor’s capabilities, which include dropping malware, encryption, and sending a ransom note, can be hard to identify. In addition, the actor’s ransomware is PHP-based, so it is easy to modify on the fly.

This is big if this is true. Clearly what we’re seeing is hacker groups graduate to bigger and more bold activities. And on top of that, this specific group has aligned itself with Russia. Making all of this a bad combination. Potentially.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: