On May 22, Hackread.com reported that Everest claimed responsibility for stealing data on 959 Coca-Cola employees, specifically across the Middle East, including the UAE, Oman, and Bahrain. Separately, another hacker group claimed to have stolen 23 million records from Coca-Cola Europacific Partners (CCEP).
Hackread.com can now confirm that the Everest ransomware group has leaked sensitive employee data stolen from the Coca-Cola Company. The data has been leaked on the Everest ransomware group’s dark web leak site as well as on the notorious Russian-language cybercrime forum XSS.
The group has posted a 502 MB data dump, exposing Coca-Cola’s Middle East-specific internal and employee records. The leaked folder contains 1,104 files with records that include:
- Full names of employees
- Business and residential addresses
- Family and marriage certificates
- Copies of visas, passports, residency permits
- Phone numbers, banking details, salary records
- Employee personal and business email addresses
What’s Inside the Leaked Files
Among the exposed documents is an Excel file titled SuperAdmin_User_Account_Cocacola, detailing Coca-Cola’s internal administrative account structure and assigned roles. While it does not include passwords or direct login credentials, it outlines which accounts hold important permissions, including system administrators, HR roles, and integration accounts. This makes it a useful map for threat actors aiming to exploit the company’s system hierarchy, such as the Silent Ransom Group, the subject of a recent FBI warning, and others.
Another file, Emp Hierarchy Add, lists:
- Organizational hierarchy levels
- Job titles and departmental details
- Country-based manager structures
- Employee usernames and full names
- Reporting lines, showing who reports to whom
A third file, HRBP Add, contains data on Coca-Cola’s HR Business Partner (HRBP) assignments, including:
- Departmental functions
- Employee IDs and full names
- Assigned HRBP names and linked user IDs
- Relationship start and end dates (with many set as open-ended)
Sensitivity of the Leaked Data
While not all files contain direct access credentials, the combination of sensitive personal data, administrative structures, and internal HR mapping raises the cybersecurity risk profile for Coca-Cola. Such details can aid cybercriminals in several ways, including:
- Spear-phishing attacks, targeting specific individuals with crafted emails or messages
- Social engineering schemes, using knowledge of internal relationships to impersonate executives, managers, or HR personnel
- Phone-based scams, where attackers call employees pretending to be HR or IT staff, asking them to share system credentials
- Credential harvesting, by directing employees to phishing websites disguised as official HR or IT portals
- Malware delivery, where attackers pose as HR managers or support teams and trick employees into installing malware under the guise of a “remote access tool” or “required update”
- Mapping internal systems and roles, helping attackers plan more precise future breaches, escalate privileges, or exploit admin-level access.
Additionally, the exposure of passports, visas, and banking details presents direct personal risks to affected employees, opening the door to identity theft, financial fraud, or cross-border privacy concerns.
It remains unclear whether there have been any negotiations or communications between the Everest ransomware group and Coca-Cola regarding a ransom payment. So far, no details have emerged publicly about whether Coca-Cola engaged in talks, refused to pay, or is still assessing the situation internally. As with many ransomware cases, companies often withhold such information while investigations are ongoing or while working with law enforcement.
Persistent Threat
The Everest ransomware group has a history of leaking sensitive corporate data when ransom demands go unmet. While Coca-Cola has not yet issued a public statement regarding this leak, the scale and depth of the exposed data highlight the growing danger posed by ransomware actors, not just to company systems, but to the personal lives and security of employees.
Hackread.com will continue monitoring this developing story.