Coca-Cola Hack: Is Stormous’ Breach Genuine?


Coca-Cola is investigating allegations of a breach of its systems by the Stormous hacker gang, which has posted a statement online claiming it infiltrated the soft drink giant’s online infrastructure, stealing 161GB of data. Analysts have urged caution, saying the group has a reputation for making false claims.

Coca-Cola may have been the victim of a cyber attack. (Photo by Matthew Horwood/Getty Images)

Coca-Cola revealed this week that it is investigating a possible breach by Stormous after the gang posted on its Telegram channel that it had broken into one of the organization’s servers and managed to steal 161GB of data. Stormous demands 16 million bitcoins from Coca-Cola for the data, while also apparently offering the data for sale on the dark web for $64,000.

“We are aware of this matter and are investigating to determine the validity of the claim,” Coca-Cola vice president of communications Scott Leith said in response to the claims.

Coca-Cola data leak: what happened?

In its blog post, Stormous wrote that it had hacked into Coca-Cola’s servers and acquired a large amount of data. The group has not provided any details about the type of data, but has demanded that the company contact it to discuss returning the information for a fee.

The claim followed a poll the gang had released the previous week, inviting its supporters to choose whom it might attack. Coca-Cola won with 72% of the votes. “Since this was a vote on the giant beverage company Coca-Cola, we hacked into some of their servers and went [sic] over 161GB,” Stormous wrote, adding that the group was opening a dark web store where it would sell information from the Coca-Cola hack, as well as data stolen from other targets.

Last month, Stormous released a statement claiming to have mined data from the Ukrainian Foreign Ministry’s network, including phone numbers, emails, passwords and card numbers from the ministry’s database. However, this data was already widely available on the dark web, according to a report by the security company SOCRadar.

What is Stormous?

Stormous first rose to fame in March with its alleged attack on Epic Games, the company behind Fortnite. The group claimed that it had discovered a vulnerability in the company’s internal network, from which it stole almost 200 Gb of data, including the information of almost 33 million users. But while it said it would leak the data to the dark web, no information was forthcoming after the initial threats.

This behavior makes security researchers skeptical about the Coca-Cola hack. “The history of this group is questionable at best,” says Etay Maor, senior director of security strategy at security firm Cato Networks. “With the Ministry of Ukraine, the data was already available, and those of Epic Games were never proven.”

This type of hacking is known as ‘scavenging’, Maor continues. “They wouldn’t be the first to do these kinds of scavenger hunts where they take things that are already available,” he says.

This technique is not uncommon, adds Chris Morgan, senior cyber threat intelligence analyst at security firm Digital Shadows. “Some researchers have suggested that many of their attacks are scams or that the group is exaggerating their claims,” says Morgan. “This is not uncommon for cybercriminal groups, who often embellish the details of their activity to force victims to pay a ransom.”

Morgan adds that Stormous may have engaged in scavenging, but evidence to prove it is currently lacking.

In fact, the gang’s reputation and the scale of its latest alleged victim mean the claims about the Coca-Cola hack are likely to be false, argues Allan Liska, cybersecurity incident response team leader at Recorded Future. “There’s a lot of skepticism around Stormous and this particular attack,” he says. “… exfiltrate data without restrictions.”

Liska says Stormous is known as “a clown show,” but cautions, “That doesn’t mean they didn’t pull off the attack, it’s possible. But I think many researchers will need additional verification before taking the word of this group.”
