Coca-Cola's IT system hit by cyber attack but was kept secret

Security

by CBR Staff Writer| 06 November 2012

A malicious link was emailed to Coca-Cola's deputy president Paul Etchells

US based soft drink company Coca-Cola's IT system was hacked by Chinese hackers three years ago, but the company kept the cyber attack secret.

According to Bloomberg, the hack came when Coca-Cola was looking to acquire the China Huiyuan Juice for about $2.4bn in 2009.

Bloomberg claimed that the deal, which was collapsed three days after the cyber-attack, would have been the largest foreign takeover of a Chinese firm at the time.

According to an internal document, the hackers breached into the company's files pilfered internal e-mails and accessed almost any Microsoft Windows server, work station or laptop on the network with full remote control.

Hackers sent an email to Coca-Cola's deputy president for the Pacific region, Paul Etchells, which had a malicious link which installed keyloggers and other forms of malware when opened.

The US Securities and Exchange Commission (SEC) said Coca-Cola did not publicly disclose the attack.

AlienVault head of security lab Jaime Blasco said: "While the internal Coke report says the intruders were state-sponsored, the attributes of the hack, including the types of malware and techniques used, suggest they are part of Comment group, one of the most prolific hacking groups based in China. It's very clear that Comment was behind it."

Data security company Imperva web researcher Tal Be'ery said: "This hack shows again that compromised insider attacks are a big deal as it foiled a $2bn business deal."

Jacob Olcott, a former cyber policy adviser to the US Congress was quoted by Bloomberg as saying that "Investors have no idea what is happening today."

"Companies currently provide little information about material events that occur on their networks," Olcott said.

Coca-Cola told the BBC in a statement: "Our company's security team manages security risks in conjunction with the appropriate security and law enforcement organisations around the world."

"As a matter of practice, we do not comment on security matters," Coca-Cola said.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.
Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.