In screengrabs posted to Twitter (see below), the gang said it had hacked a number of Coca-Cola’s servers and intended to sell the data on.
Coca-Cola has confirmed it is aware of the gang’s claims, but gave no further information. In a statement circulated to media, the firm’s communications vice-president Scott Leith said: “We are aware of this matter and are investigating to determine the validity of the claim.”
Leith went on to confirm that the Atlanta, Georgia-based company is coordinating its response with law enforcement.
Little is currently known about the Stormous gang, which appears to be a relative newcomer to the cyber criminal underground.
It is possible its core members are located in an Arabic-speaking country, and the group has previously come out in support of Russia’s war on Ukraine, which has led to speculation that its victimisation of Coca-Cola is a response to the organisation pulling out of the Russian market.
Coca cola hacked pic.twitter.com/cVpKCTcD8T – Clandestine (@akaclandestine), April 25, 2022
According to Bleeping Computer, although the group has previously claimed to be a ransomware operator, there is actually no evidence that it has deployed any ransomware on any of its victims’ networks.
This suggests that the group is merely exfiltrating data rather than encrypting it, a tactic held in common with the recently disrupted Lapsus$ cyber crime gang.
Also in common with Lapsus$, Stormous has been active on the encrypted Telegram communications platform, where it has polled members of the public on which victim to target next.
Commenting on the incident, ProPrivacy’s Ray Walsh described the allegations by Stormous as “extremely unnerving”.
“If true, the stolen data is likely to be extremely sensitive and could be used to engage in fraud and identity theft, putting hundreds of thousands of individuals and companies at risk,” he said. “The fact that this hack has been orchestrated by the Stormous hacking collective, which already expressed its support for the war in Ukraine, is extremely worrying.
“It is not yet clear what the hackers intend to do with the revenue raised by selling the stolen Coca-Cola data. However, it seems there is a distinct possibility that the money could filter back to Putin to help fund the ongoing war in Ukraine.”
Egnyte’s cyber security evangelism director, Neil Jones, added that even if Stormous was lying or exaggerating its claims, it has already scored a substantial success, to some degree.
“The alleged data breach demonstrates that even potential breaches can impact an organisation’s brand reputation and necessitate formal media responses by the company,” he said.
“Although details of the incident are still emerging, an effective incident response plan needs to account for potential attacks that originate from financially motivated cyber attackers, disgruntled insiders and even competitors who are trying to gain an edge in a critical market.”
Computer Weekly contacted Coca-Cola for further details of the investigation, but the organisation had not responded at the time of publication.