April 28, 2022 (updated 06 Jul 2022 11:42am)

Has ‘clown show’ hacking gang Stormous really breached Coca-Cola?

Hackers claim to have stolen 161Gb of Coca-Cola's data. But experts are sceptical about the claims.

By Claudia Glover

Coca-Cola is investigating claims of a breach into its systems by hacking gang Stormous, which has published a statement online declaring it has infiltrated the soft drinks giant’s online infrastructure, lifting 161GB of data. Analysts have urged caution, saying the group has a reputation for making bogus statements.

Coca-Cola may have been the victim of a cyberattack. (Photo by Matthew Horwood/Getty Images)

Coca-Cola disclosed this week that it is investigating a possible breach by Stormous after the gang posted to its Telegram channel that it had broken into one of the organisation’s servers and managed to lift 161GB of data. Stormous is demanding 16 million bitcoin from Coca-Cola for the data, while also apparently offering the data for sale on the dark web for $64,000.

“We are aware of this matter and are investigating to determine the validity of the claim,” said Coca-Cola communications vice president Scott Leith in response to the claims.

Coca-Cola data breach: what happened?

In its blog post, Stormous wrote that it had hacked Coca-Cola’s servers and acquired a large amount of data. It has not provided any details on the type of data, but has demanded that the company contact it to discuss returning the information in exchange for a fee.

The claim followed a poll that the gang had posted the week before, tantalising its followers with a choice of who it could breach. Coca-Cola won with 72% of the votes. “Since it was a vote on giant beverage company Coca-Cola we hacked some of their servers and went [sic] over 161GB,” Stormous wrote, adding that the group was opening a store on the dark web where it would be selling information from the Coca-Cola hack, as well as data stolen from other targets.

Last month, Stormous released a statement claiming to have lifted data from the network of the Ministry of Foreign Affairs of Ukraine, including phone numbers, emails, passwords, and card numbers from the ministry’s database. However, this data was already widely available on the dark web, according to a report by security company SOCRadar.

What is Stormous?

Stormous first came to prominence in March with its alleged hack on Epic Games, the company behind Fortnite. It claimed it had discovered a vulnerability in the company’s internal network, where it stole nearly 200Gb of data, including the information of nearly 33 million users. But though it said it would leak the data onto the dark web, no information was forthcoming after the initial threats.

This behaviour makes security researchers sceptical about the Coca-Cola hack. “The history of this group is questionable at best,” says Etay Maor, senior director of security strategy at security company Cato Networks. “With the Ukrainian Ministry, the data was already out there and the one with Epic Games was never proved.”

This sort of hack is known as ‘scavenging’, continues Maor. “They wouldn’t be the first ones to do these kind of scavenger hunts where they take stuff that’s already out there,” he says.

This technique is not uncommon, adds Chris Morgan, senior cyber threat intelligence analyst at security company Digital Shadows. “Some researchers have suggested that many of their attacks are either a scam or the group is exaggerating their claims,” Morgan says. “This is not uncommon for cybercriminal groups, who often embellish the details of their activity in order to coerce victims into paying a ransom.”

Morgan adds that it’s possible Stormous has been engaging in scavenging, but that there is currently a lack of evidence to prove this.

Indeed, the gang’s reputation and the magnitude of their latest alleged victim mean it is likely the Coca-Cola hack claims are false, argues Alan Liska, cybersecurity incident response team lead at Recorded Future: “There is a lot of scepticism around Stormous and this attack in particular,” he says. “In the grand scheme of things 161GB of data is not a lot for a group that supposedly had access to Coca-Cola’s corporate network and was able to exfiltrate data unfettered.”

Liska says Stormous is known as “a bit of a clown show”, but warns: “That doesn’t mean they didn’t successfully pull off the attack, it is possible. But I think many researchers are going to need additional verification before taking this group at their word.”
