IKEA investigating cyberattacks on outlets in Kuwait, Morocco

Swedish furniture giant IKEA confirmed that its franchises in Kuwait and Morocco are dealing with a cyberattack that caused a disturbance on some operating systems. 

A spokesperson told The Record that the attack is “being investigated together with the relevant authorities as well as our cyber security partners.”

“IKEA Kuwait and IKEA Morocco are independently operated by a franchisee based in Kuwait,” the spokesperson said. “The operations and customer meeting points are independent from any other IKEA retailers.”

The outlets in Kuwait and Morocco were added to the leak site of the Vice Society ransomware group on Monday. 

The file names shared on the leak site indicate the hackers stole business as well as employee data and may have additional information taken from IKEA outlets in Jordan. 

IKEA has more than 400 stores across about 50 countries, including four in Morocco, three in Kuwait and two in Jordan.

Almost exactly one year ago, IKEA faced a reply-chain phishing cyberattack that targeted the internal mailboxes of employees. The hackers used compromised email accounts for certain IKEA organizations and business partners to target employees with malicious Excel documents carrying malware. 

"There is an ongoing cyber-attack that is targeting Inter IKEA mailboxes. Other IKEA organisations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter IKEA," the company said in an internal email seen by BleepingComputer.

"This means that the attack can come via email from someone that you work with, from any external organisation, and as a reply to an already ongoing conversation. It is therefore difficult to detect, for which we ask you to be extra cautious."

The Vice Society group has been active since at least June 2021, and its latest attacks between July and October 2022 have “heavily impacted the education sector.”

But the group also “continues to focus on organizations where there are weaker security controls and a higher likelihood of compromise and ransom payout,” according to a Microsoft report released in October.  

Jonathan Greig

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.