Skip links

Coca-Cola probes pro-Kremlin gang’s claims of 161GB data theft

Coca-Cola confirmed it’s probing a possible network intrusion after the Stormous cybercrime gang claimed it stole 161GB of data from the beverage giant.

“We are aware of this matter and are investigating to determine the validity of the claim,” Coca-Cola communications global vice president Scott Leith told The Register on Tuesday. “We are coordinating with law enforcement.”

The ransomware gang, which has declared its support for the Russian government’s illegal invasion of Ukraine, this week bragged it “hacked some of the company’s servers and passed a large amount of data inside them without their knowledge.” It’s now trying to sell the stolen data for about $64,000, or nearest offer “depending on the amount of data you want,” Stormous wrote on its website where it leaks pilfered information.

Stormous recently posted a poll on Telegram asking which multinational giant it should target next, and Coca-Cola received 72 percent of the vote, according to a screenshot shared by Security Affairs. And while the crime crew hasn’t said it targeted Coca-Cola in retaliation for its support of Ukraine, Stormous’ previous statements indicate its support for Putin’s war could explain its most recent attack. 

Coca-Cola previously suspended its business in Russia and said it has committed to contributions totaling $14.8 million to support the Red Cross and other relief efforts in Ukraine.

Stormous, who?

Stormous is a new ransomware gang that acccording to Ivan Righi, an analyst at threat intelligence firm Digital Shadows, publicly emerged in the first quarter of this year. Shortly after Russia invaded Ukraine, however, the cybercriminals were quick to follow fellow ransomware gang Conti’s lead and announce its support for Moscow.

“And if any party in different parts of the world decides to organize a cyber-attack or cyber-attacks against Russia, we will be in the right direction and will make all our efforts to abandon the supplication of the West, especially the infrastructure,” the crew wrote in Arabic. 

More recently, the gang claimed it was under attack by US-based cybersecurity teams, and vowed to “do our best to disrupt the various Western unions,” before adding a weirdly ominous ending: “Be on time.”

Conti and Stormous aren’t the only cybercrime gangs taking sides over the war and targeting either the West or the Kremlin, depending on where their loyalties lie.

Accenture’s Cyber Threat Intelligence team, which tracks illicit dark-web activity, recently noted this is the first time it has witnessed “financially motivated threat actors divided along ideological faction.”

“Pro-Russian actors are increasingly aligning with hacktivist-like activity targeting ‘enemies of Russia,’ especially Western entities due to their claims of Western warmongering,” the consultancy said. ®