Feeds

China fingered for Coca Cola hack - report

Several big name multinationals kept quiet about breaches

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

Suspected Chinese hackers launched damaging cyber raids on several big name multi-nationals over the past few years, including Coca Cola, according to new reports.

Fizzy drink giant Coca Cola, British energy company BG Group, Luxembourg-based steel maker ArcelorMittal and Chesapeake Energy were all named by Bloomberg as having been breached but deciding not to reveal the news at the time.

Coca Cola’s computer systems were infiltrated thanks to an email sent to then the deputy president of Coca-Cola’s Pacific Group, Paul Etchells.

Appearing to come from the CEO, it actually contained a malicious link which, when Etchell clicked, began downloading malware including a keylogger, the report said.

Hackers spent around a month rooting around inside Coca Cola’s systems, said Bloomberg, citing an internal company document detailing the cyber intrusion. The document is said to attribute the attack to state-sponsored attackers as the culprits.

The attack was launched in 2009 with the aim of exfiltrating files relating to Coca Cola’s ultimately unsuccessful $US2.4bn acquisition of China Huiyuan Juice Group. China’s Ministry of Commerce eventually rejected the deal after raising competition concerns.

Although the report claimed state-sponsored actors were involved, experts interviewed by the news wire said the attack had all the hallmarks of Comment – a prolific Chinese hacking group.

Comment was also fingered for a 2011 attack on US gas giant Chesapeake Energy, by hacking the computers of its partner Jeffries Group. Chesapeake was apparently in dialogue at the time with a Chinese energy company about joint shale gas investments.

Comment was also accused of hacking ArcelorMittal, searching for a file named “China” on a senior exec's computer and pinching a whole load of PowerPoint slides.

BG Group was hacked in 2011 in a breach said to have been massive – including geological maps and drilling records – but like all the others, unreported at the time.

The incidents, if they took place, highlight the risks to multinational firms with business interests in China. Experts increasingly warn about such risks, with IP theft said to be prevalent.

Google took the rare step of going public after it uncovered the China-based Operation Aurora attacks on it and other firms in 2010. Since then, covert APT-style targeted attacks believed to originate in China have often hit the headlines. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.