Multinational companies around the world voluntarily pulled their business out of Russia after president Vladimir Putin launched an unprovoked invasion of Ukraine, but the hacker group Anonymous is determined to give any stragglers a nudge. The hacktivist group recently leaked data, emails and passwords of food giant Nestlé’s customers and warned other companies that continued doing business in Russia that they would be next.
“We call on all companies that continue to operate in Russia by paying taxes to the budget of the Kremlin’s criminal regime: Pull out of Russia!” the group tweeted. “We give you 48 hours to reflect and withdraw from Russia or else you will be under our target!”
The group announced that Nestlé had become its first target. “The #Anonymous collective has leaked the database of the largest food company in the world, Nestlé. Leaked 10GB data of emails, passwords, Nestlé business costumers, etc.,” Anonymous tweeted.
And the collective explained that “Only a sample of data has been published with more than 50K Nestlé business customers. Leak: https://gofile.io/d/kyFj0A (No Virus detected) Currently the weight is 10GB in SQL Format.”
As Putin stepped up the assault on Ukraine, hackers and hacktivists jumped into the fray.
“When we look at external forces, which are many, that can impact an organization, often we do not think about such formidable forces, like hacktivist groups, in the equation. But knowing that hacktivist group(s) have been vocal and actively involved in the conflict in eastern Europe, organizations operating in that part of the world need to include such risk scenarios in their radar screen,” said Nasser Fattah, North America committee chair at Shared Assessments. “Primarily because a risk like this can quickly materialize and become an unexpected issue for an organization to manage. Note this risk scenario is comparable for organizations that might not directly operate in Russia but that have critical suppliers working in Russia—those critical suppliers are now the target.”
But Nestlé took issue with Anonymous’s claims, arguing that the leak was the result of its own actions and that the data was accidentally published in February. “It related to a case from February this year, when some randomized and predominantly publicly available test data…was made accessible unintentionally online for a short period of time,” Fortune cited Nestlé as saying. “We quickly investigated, and no further action was deemed necessary.”
Nevertheless, it appeared Nestlé felt the heat to cut ties with Russia, announcing that it was ending capital investment in the country and would pare back the consumer products it offers there, selling only “essential products.”
Still, the hacktivist group’s claim is a cautionary tale, some cybersecurity pros say.
“This [A]nonymous threat to Nestlé is a clear example of how we cannot let hacker groups set international policy on what is proper or improper conduct. It’s the worst kind of kangaroo court for social justice imaginable,” said Garret Grajek, CEO at YouAttest. “It is imperative that enterprises, especially the ones listed as critical infrastructure by the Biden administration, place a high priority on cybersecurity—especially principles like zero-trust and identity governance that proactively stop the spread of intrusions and alert the enterprise of malfeasance.”
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.
- UK bans Chinese CCTV cameras at ‘sensitive’ government locations - 26 November 2022
- Chrome Update: Exploited Zero-Day Vulnerability fixed by Google, the 8th this year - 25 November 2022
- RESEARCH: analytics information related to iPhones include a Directory Services Identifier (DSID) that may be used to identify users - 24 November 2022