Data apparently belonging to retail giant IKEA has appeared on the dark web blog of data extortion gang Vice Society. Information from branches in Morocco and Kuwait, possibly including passport data of employees, has been exposed by the gang
Swedish company Ikea has 420 stores spread across 50 countries, and posted revenue of more than €40bn last year.
Ikea data appears on Vice Society blog
The illicit data was reportedly stolen from the company’s systems a few weeks ago and posted online last week.
File and folder names could indicate that the data includes the passport details of Ikea employees. Leaked information from branches in Jordan may have also been posted to the blog.
The data is posted alongside a passage of what appears to be an excerpt from an Ikea promotional campaign. “We believe that no matter what we do in life, we should always be the absolute best at it,” it reads, in what appears to be a mocking tone.
It is not clear if a ransom demand has been issued or paid, but the fact that Vice Society has posted the information on its blog could indicate that Ikea has refused to comply with any demands it has made. Tech Monitor has contacted Ikea for comment but had not received a reply at the time of publication.
Ikea’s second cyberattack in a year?
Ikea was also the victim of a cyberattack in November last year. Called a “reply-chain email attack,” threat actors stole corporate credentials from the company’s network and used them to reply to emails with phishing links to malicious documents that install malware on recipients’ devices.
The attack went on for several days and the company was forced to open an investigation into the incident. “It is of our highest priority that Ikea customers, co-workers and business partners feel certain that their data is secured and handled correctly,” a spokesperson said at the time.
This attack was carried out using malware called SquirrelWaffle.
Vice Society sees its profile rise
Vice Society is believed to be a Russian-speaking data exfiltration and extortion group. Its primary targets are the education and health sectors, particularly in the US.
CISA and the FBI released a joint advisory in September including techniques, tactics and procedures for how the gang infiltrates systems in the education sector, as schools were aggressively targeted by the gang this year.
According to the advisory, “The FBI, CISA, and the MS-ISAC [the US centre for internet security] have recently observed Vice Society actors disproportionately targeting the education sector with ransomware attacks, especially kindergarten through twelfth grade (K-12) institutions. The FBI, CISA, and the MS-ISAC anticipate attacks may increase as the 2022/2023 school year begins and criminal ransomware groups perceive opportunities for successful attacks.”