Coca-Cola, the world’s largest soft drinks maker, has confirmed in a statement to BleepingComputer that it is aware of the reports about a cyberattack on its network and is currently investigating the claims.
The American beverage giant has started to investigate after the Stormous gang said that it successfully breached some of the company’s servers and stole 161GB of data.
The threat actors listed a cache of the data for sale on their leak site, asking 1.65 Bitcoin, currently converted to around $64,000.
Among the files listed, there are compressed documents, text files with admin, emails, and passwords, account and payment ZIP archives, and other type of sensitive information.
Who is Stormous
Although they claim to be a ransomware group, there is no indication at this time that they are deploying file-encrypting malware on their victim networks.
Closer to a data extortion group, Stormous has stated that they would take action against hacker attacks against Russia in the wake of the invasion into Ukraine.
This is the first time Stormous has posted a stolen data set. Last week, the gang asked their followers to vote on who should be their next victim.
The attack promised denial-of-service, hacking, leaking of software source code and client data. Coca-Cola won the poll with 72% of the votes. The gang said that it took them only a few days to breach the company.
Coca-Cola and the other victim choices in Stormous’ poll show anti-Western stance. Previously, the group claimed Epic Games as their victim.
They announced that they stole 200 gigabytes of data and details of 33 million users of Epic store and games. However, there has been no confirmation about the legitimacy of the data, so Stormous’ reputation about these claims has yet to be established.
Coca-Cola has not confirmed that their data was stolen. The company told BleepingComputer that it is currently collaborating with law enforcement and that the investigation into the alleged Stormous attack has not revealed a negative impact yet.