Snatch ransomware gang claims the hack of the food giant Kraft Heinz

The Snatch ransomware group announced it had hacked the food giant Kraft Heinz. The company is investigating the claims.

Kraft Heinz is an American food company and one of the largest food and beverage manufacturers globally. Kraft Heinz produces a wide range of popular food products, including condiments, sauces, cheese, snacks, and ready-to-eat meals.

Some of the well-known brands under the Kraft Heinz umbrella include Kraft, Heinz, Oscar Mayer, Philadelphia, Planters, and more.

The Snatch ransomware group claims to have hacked Kraft Heinz in August, and on December 14 it added the company to the list of victims on its leak site.

The food giant announced it has launched an investigation into the cybercriminals’ claims. In a statement shared with media [1], [2], [3], the company said that it is investigating a cyberattack on a decommissioned marketing website.

“We are reviewing claims that a cyberattack occurred several months ago on a decommissioned marketing website hosted on an external platform, but are currently unable to verify those claims,” said a company spokesperson. “Our internal systems are operating normally, and we currently see no evidence of a broader attack.”

The Snatch ransomware was first spotted at the end of 2019. Sophos researchers discovered a piece of the Snatch ransomware that reboots the computers it infects into Safe Mode to bypass resident security solutions.

In September, the FBI and CISA published a joint alert on the Snatch ransomware operation as part of the StopRansomware initiative.

“Since mid-2021, Snatch threat actors have consistently evolved their tactics to take advantage of current trends in the cybercriminal space and leveraged successes of other ransomware variants’ operations. Snatch threat actors have targeted a wide range of critical infrastructure sectors including the Defense Industrial Base (DIB), Food and Agriculture, and Information Technology sectors. Snatch threat actors conduct ransomware operations involving data exfiltration and double extortion,” reads the alert. “After data exfiltration often involving direct communications with victims demanding ransom, Snatch threat actors may threaten victims with double extortion, where the victims’ data will be posted on Snatch’s extortion blog if the ransom goes unpaid.”

In August, the gang claimed the hack of the Department of Defence South Africa and added the military organization to its leak site.

In October 2022, the Snatch ransomware group claimed to have hacked the French company HENSOLDT France. HENSOLDT is a company specializing in military and defense electronics.

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)