Coca-Cola and its bottling partner, Coca-Cola Europacific Partners (CCEP), are facing separate cyberattack claims from two distinct threat groups. The Everest ransomware gang says it has breached Coca-Cola’s systems, while another group named Gehenna (aka GHNA) is offering what it claims is a large database stolen from CCEP’s Salesforce environment.
Everest Ransomware Targets Coca-Cola
The Everest ransomware group has listed Coca-Cola as a victim on its dark web leak site, sharing screenshots that suggest access to internal documents and personal information of 959 employees. These include visa and passport scans, salary data, and other HR-related records.
According to samples reviewed by Hackread, the breach appears to affect Coca-Cola’s operations in the Middle East, with several files indicating that the Dubai office at the Dubai Airport Free Zone (DAFZ) may have been the specific target.
Everest has released samples that contain employee identification details and documents that typically circulate within HR departments. The nature of the leaked files indicates that personally identifiable information (PII) is involved.
Mr. Agnidipta Sarkar, Vice President CISO Advisory at ColorTokens, commented on the techniques: “Preliminary analysis points to techniques like harvesting credentials and targeting Active Directory, although these claims aren’t always reliable. If this attack is real, it suggests Coca-Cola’s cybersecurity investments may not have been sufficient to stop it.”
Gehenna Claims Major Breach at Coca-Cola Europacific Partners
In a separate incident, the Gehenna hacking group claims to have breached CCEP’s Salesforce dashboard earlier this month. The group says it exfiltrated more than 23 million records, dating back to 2016, containing sensitive customer relationship management (CRM) data.
The data allegedly includes 7.5 million Salesforce account records (6GB), 9.5 million customer service cases (52GB), 6 million contact entries (5GB), and over 400,000 product records (300MB).
Gehenna shared samples on a public data breach forum, which included case logs referencing Coca-Cola Enterprises Norway, complete with customer support history and contact details.
The group also posted a message aimed at CCEP employees, stating that they’re “open to offers” and warning that they “have more where that came from.” Gehenna also claimed responsibility for earlier incidents affecting Samsung Germany and Royal Mail, adding weight to the seriousness of their statement.
The group has also provided contact information via Telegram and appears to be actively soliciting a response from Coca-Cola Europacific Partners.

Both incidents come amid an uptick in cyberattacks targeting large multinational corporations, particularly those holding customer and employee data at scale. The tactics used by Everest and Gehenna reflect different approaches, ransomware extortion and data leak-based pressure, but the goal is similar: making money out of stolen information.
Coca-Cola and CCEP have not publicly confirmed the breach at the time of writing.
John Bambenek, President at Bambenek Consulting, noted the broader risk with cloud platforms: “As companies adopt more SaaS solutions, it opens new doors for threat actors. SaaS platforms often lack the logging and security visibility that traditional infrastructure provides.”
He advised that “Organizations need to prioritize integrating SaaS logs into their SIEM and building detections for suspicious behaviour like large-scale data lookups from a single user account to avoid being caught off guard.”
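The kind of detection Bambenek describes can be sketched as a per-user sliding-window count over SaaS access logs. This is an added example, not code from Hackread or any vendor; the event schema, the threshold, and the sample events are constructed assumptions, and real SaaS audit logs differ per platform.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical, simplified schema:
# (ISO timestamp, user account, records returned by the lookup/export).
SAMPLE_EVENTS = [
    ("2025-05-01T02:00:00", "svc_report", 40_000),  # scheduled nightly report
    ("2025-05-01T09:00:00", "alice", 120),
    ("2025-05-01T09:20:00", "alice", 300),
    ("2025-05-01T13:00:00", "bob", 20_000),
    ("2025-05-01T13:10:00", "bob", 20_000),
    ("2025-05-01T13:25:00", "bob", 15_000),
    ("2025-05-01T13:40:00", "bob", 10_000),
    ("2025-05-01T15:30:00", "bob", 200),
]

def detect_bulk_lookups(events, window=timedelta(hours=1), threshold=50_000):
    """Alert once per burst when one account reads >= threshold records
    inside a sliding time window. Threshold is an assumed tuning value."""
    recent = defaultdict(deque)   # user -> (timestamp, records) still in window
    totals = defaultdict(int)     # user -> records read inside the window
    alerting = set()              # users already alerted for the current burst
    alerts = []
    for ts_raw, user, records in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        q = recent[user]
        q.append((ts, records))
        totals[user] += records
        # Drop events that have aged out of the window.
        while ts - q[0][0] > window:
            totals[user] -= q.popleft()[1]
        if totals[user] >= threshold:
            if user not in alerting:
                alerting.add(user)
                alerts.append({
                    "user": user,
                    "window_start": q[0][0].isoformat(),
                    "alerted_at": ts.isoformat(),
                    "records": totals[user],
                })
        else:
            alerting.discard(user)  # burst over; re-arm for this user
    return alerts

if __name__ == "__main__":
    for alert in detect_bulk_lookups(SAMPLE_EVENTS):
        print(alert)
```

In a SIEM the same logic would typically be a scheduled aggregation query; a fixed threshold is the simplest form, and service accounts with legitimately large exports usually need their own baseline.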
However, both groups appear to be active and well-resourced. Whether through law enforcement action or internal response, a public statement could help clarify the real impact behind the claims.