Privateering against Western brands.
Some recent ransomware attacks are being interpreted as privateering. Two groups, the gangs behind Conti and Stormous, have been particularly active in the Russian interest. Conti, the better known of the two, has sustained doxing and compromise of internal chatter by hacktivists and (probably) Ukrainian intelligence services, but these seem not to have slowed it down, whatever fleeting embarrassment and reputational damage it may have suffered in the underworld. SecurityWeek reports that at least thirty new victims of Conti have been claimed on the gang's site in the month of April alone.
The other operation, Stormous, only came to prominence around the outset of Russia's invasion of Ukraine. This group has claimed, according to Security Affairs, to have successfully obtained access to some of the Coca-Cola Company's servers from which they've stolen some 116 gigabytes of information. Cybernews says that the filenames mentioned by Stormous suggest that the gang is claiming to have taken "financial data, passwords, commercial accounts, email addresses, and other data." Stormous crowed large on its site:
“Since it was a vote on giant beverage company ( Coca-Cola ) ! we hacked some of their servers and went over (161G) ! But the situation is not always as we want to sell it by any other ways we have opened our store on our own website in the dark web ! This company was the first victim. Browse a little on our site If you want to buy you can contact us and we will provide you some required data as initial proof! Then you can pay or buy depending on the amount of data you want ! Warning : It will only be a way to sell data to some big companies but for other companies we will leak their data like we always did !! Browse our site !”
(We recommend not. Let the hoods talk among themselves.) Stormous asked Coca-Cola for precisely $64,396.67 in ransom, which, chickenfeed as it is, suggests that their motivation is embarrassment and brand damage as opposed to financial gain. The gang says it picked Coca-Cola (an iconic and globally recognized American brand) in response to a vote taken among the followers of its Telegram channel.
Stormous has a dubious reputation. All criminals are dubious, of course, but the word on the street about Stormous is that they're not what they claim to be. Their victims tend not to have confirmed the attacks Stormous claims, and there's speculation reported by SOCRadar and others that Stormous is a "scavenger operation," that is, they simply scrape up material others have dumped and represent it as their own.
The CyberWire's continuing coverage of the unfolding crisis in Ukraine may be found here.