On May 22, Hackread.com reported that Everest claimed responsibility for stealing data on 959 Coca-Cola employees, particularly across the Middle East, including the UAE, Oman, and Bahrain. Separately, another hacker group claimed to have stolen 23 million records from Coca-Cola Europacific Partners (CCEP).
Hackread.com can now confirm that the Everest ransomware group has leaked sensitive employee data stolen from the Coca-Cola Company. The data has been leaked on the Everest ransomware group’s dark web leak site as well as on the notorious Russian-language cybercrime forum XSS.
The group has posted a 502 MB data dump, exposing Coca-Cola’s Middle East-specific internal and employee records. The leaked folder contains 1,104 files with information that includes:
- Full names of employees
- Business and residential addresses
- Family and marriage certificates
- Copies of visas, passports, residency permits
- Phone numbers, banking details, salary records
- Employee personal and business email addresses
What’s Inside the Leaked Files
Among the exposed documents is an Excel file titled SuperAdmin_User_Account_Cocacola, detailing Coca-Cola’s internal administrative account structure and assigned roles. While it doesn’t include passwords or direct login credentials, it outlines which accounts hold critical permissions, including system administrators, HR roles, and integration accounts. This makes it a useful map for threat actors, such as the recently FBI-warned Silent Ransom Group and others, aiming to exploit the company’s system hierarchy.
Another file, Emp Hierarchy Add, lists:
- Organizational hierarchy levels
- Job titles and departmental details
- Country-based manager structures
- Employee usernames and full names
- Reporting lines, showing who reports to whom
A third file, HRBP Add, contains data on Coca-Cola’s HR Business Partner (HRBP) assignments, including:
- Departmental functions
- Employee IDs and full names
- Assigned HRBP names and linked user IDs
- Relationship start and end dates (with many set as open-ended)
Sensitivity of the Leaked Data
While not all files contain direct access credentials, the combination of sensitive personal data, administrative structures, and internal HR mapping increases the cybersecurity risk profile for Coca-Cola. Such details can assist cybercriminals in several ways, including:
- Spear-phishing attacks, targeting specific individuals with crafted emails or messages
- Social engineering schemes, using knowledge of internal relationships to impersonate executives, managers, or HR personnel
- Phone-based scams, where attackers call employees pretending to be HR or IT staff, asking them to share system credentials
- Credential harvesting, by directing employees to phishing websites disguised as official HR or IT portals
- Malware delivery, where attackers pose as HR managers or support teams and trick employees into installing malware under the guise of a “remote access tool” or “required update”
- Mapping internal systems and roles, helping attackers plan more precise future breaches, escalate privileges, or exploit admin-level access.
Additionally, the exposure of passports, visas, and banking details presents direct personal risks to affected employees, opening the door to identity theft, financial fraud, or cross-border privacy concerns.
It remains unclear whether there were any negotiations or communications between the Everest ransomware group and Coca-Cola regarding a ransom payment. So far, no details have emerged publicly about whether Coca-Cola engaged in talks, refused to pay, or is still assessing the situation internally. As with many ransomware cases, companies often withhold such information while investigations are ongoing or while working with law enforcement.
Persistent Threat
The Everest ransomware group has a history of leaking sensitive corporate data when ransom demands go unmet. While Coca-Cola has not yet issued a public statement regarding this leak, the scale and depth of the exposed data highlight the growing danger posed by ransomware actors, not just to company systems, but to the personal lives and security of employees.
Hackread.com will continue monitoring this developing story.