Kraft Heinz investigating possible cyberattack

No definite signs of attack have been found so far, but the company is checking it out

Food giant Kraft Heinz is investigating after a notorious ransomware group claimed it had hit the company with a cyberattack.

The claims about a Kraft Heinz breach appeared in an August post on the Snatch extortion group’s data leak website, which was made visible on December 14. However, the group did not back up its claims with any proof or screenshots, which groups typically provide when threatening to leak a company’s data if a ransom fee is not paid.

Kraft Heinz, however, is unsure whether the claims have any credibility, and says that its online services are operating as expected.

Kraft Heinz cyberattack

In a statement to BleepingComputer, a company spokesperson said: “We are reviewing claims that a cyberattack occurred several months ago on a decommissioned marketing website hosted on an external platform, but are currently unable to verify those claims. Our internal systems are operating normally, and we currently see no evidence of a broader attack.”

Previously, Snatch has used double-extortion tactics to both encrypt and threaten to leak companies’ data, demanding payment for both decryption and the promise to delete the stolen data.

The group, which has been active since around 2018, also appeared in a joint cybersecurity advisory by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) in September 2023.

It’s an advisory worth reading, as it offers 20 detailed mitigation measures that companies can take to protect themselves against such ransomware attacks.

The report notes that Snatch operates a ransomware-as-a-service (RaaS) model. The group is often observed rebooting machines into Safe Mode to evade detection by popular endpoint protection services.

Previous victims have included the Florida Department of Veterans Affairs and the South African Department of Defense. If the claims of a Kraft Heinz breach end up being true, companies like Philadelphia, Jell-O, and Lunchables could be affected.

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!
