Kraft Heinz investigates hack claims, says systems ‘operating normally’


Kraft Heinz has confirmed that their systems are operating normally and that there is no evidence they were breached after an extortion group listed them on a data leak site.

Kraft Heinz is one of the world’s largest food and beverage companies, with over 37,000 employees operating out of 40 countries. The company owns numerous well-known brands, including Oscar Mayer, Kool-Aid, Philadelphia, Lunchables, Maxwell House, and many more.

In a post to Snatch extortion group’s data leak site dated August 16th, but not made visible until today, the threat actors claim that they breached Kraft Heinz.

When extortion groups list a company on their data leak sites, it indicates that they stole data in a cyberattack and would soon leak it if a ransom is not paid.

However, Snatch has not provided proof of the breach, with the files section devoid of screenshots of stolen data.

In a statement to BleepingComputer, Kraft Heinz said they are investigating whether a cyberattack on a decommissioned marketing website is related to Snatch’s claims but that they are not experiencing any issues on their corporate network.

“We are reviewing claims that a cyberattack occurred several months ago on a decommissioned marketing website hosted on an external platform, but are currently unable to verify those claims,” a Kraft Heinz spokesperson told BleepingComputer.

“Our internal systems are operating normally, and we currently see no evidence of a broader attack.”

Snatch, a ransomware gang which launched in 2018, was one of the first groups to set up a data leak site to use stolen data as leverage in their extortion demands.

In 2021, threat actors known as “Snatch Team” set up a new data leak site, stating that they were unaffiliated with the previous ransomware group and did not perform encryption attacks.

However, a report by CISA disputes these claims, stating that data from confirmed ransomware victims have appeared on Snatch Team’s website along with data from other ransomware operations’ attacks.



Source link