Kraft Heinz reviewing claims of cyberattack but internal systems ‘operating normally’

The Kraft Heinz Company said it is looking into recent claims of data theft made by a ransomware gang.

The Chicago-based company is the third-largest food and beverage company in North America and the fifth-largest in the world — reporting annual sales of more than $26 billion in 2021.

On Wednesday evening, the Snatch ransomware gang added the company to its leak site, claiming to have stolen an undisclosed amount of data.

A spokesperson for Kraft Heinz provided more information about what may have been attacked but said the company is not dealing with any adverse effects.

“We are reviewing claims that a cyberattack occurred several months ago on a decommissioned marketing website hosted on an external platform, but are currently unable to verify those claims,” the spokesperson said.

“Our internal systems are operating normally, and we currently see no evidence of a broader attack.”

The spokesperson did not respond to follow-up questions about whether a ransom would be paid.

The FBI and Cybersecurity and Infrastructure Security Agency (CISA) spotlighted the Snatch ransomware gang in September, warning that the hackers were based in Russia and are targeting organizations in the agriculture, IT and defense industries.

The group has existed in various forms since 2018 but caused headlines in recent months over attacks on South Africa’s Defense Department, the Metropolitan Opera and the city government of Modesto, California.

“Since mid-2021, Snatch threat actors have consistently evolved their tactics to take advantage of current trends in the cybercriminal space and leveraged successes of other ransomware variants’ operations,” the agencies said. “Snatch threat actors have targeted a wide range of critical infrastructure sectors including the Defense Industrial Base (DIB), Food and Agriculture, and Information Technology sectors.”

The group has also been seen purchasing data stolen by other ransomware gangs and extorting victims for further ransoms.

The gang devastated a Wisconsin school district’s network in October 2022 and gained the attention of the U.S. Senate after stealing the sensitive data of more than 1.2 million patients during an attempted ransomware attack in May on one of the largest hospitals in Florida.

In addition to limiting services, the gang has stolen millions of Social Security numbers and IDs from their victims, including automaker Volvo, a Canadian airport and the Canadian Nurses Association.

There have been several attacks on massive food manufacturers in 2023 as cyberattackers target pressure points in the supply chain in the hopes of extracting large ransoms. Sysco, Dole, Hershey, Mondelez, and Canada’s Maple Leaf Foods have all faced data theft incidents this year.