China fingered for Coca Cola hack - report

Several big name multinationals kept quiet about breaches


Suspected Chinese hackers launched damaging cyber raids on several big name multi-nationals over the past few years, including Coca Cola, according to new reports.

Fizzy drink giant Coca Cola, British energy company BG Group, Luxembourg-based steel maker ArcelorMittal and Chesapeake Energy were all named by Bloomberg as having been breached but deciding not to reveal the news at the time.

Coca Cola’s computer systems were infiltrated thanks to an email sent to the then deputy president of Coca-Cola’s Pacific Group, Paul Etchells.

Appearing to come from the CEO, it actually contained a malicious link which, when Etchell clicked, began downloading malware including a keylogger, the report said.

Hackers spent around a month rooting around inside Coca Cola’s systems, said Bloomberg, citing an internal company document detailing the cyber intrusion. The document is said to attribute the attack to state-sponsored attackers as the culprits.

The attack was launched in 2009 with the aim of exfiltrating files relating to Coca Cola’s ultimately unsuccessful $US2.4bn acquisition of China Huiyuan Juice Group. China’s Ministry of Commerce eventually rejected the deal after raising competition concerns.

Although the report claimed state-sponsored actors were involved, experts interviewed by the news wire said the attack had all the hallmarks of Comment – a prolific Chinese hacking group.

Comment was also fingered for a 2011 attack on US gas giant Chesapeake Energy, by hacking the computers of its partner Jeffries Group. Chesapeake was apparently in dialogue at the time with a Chinese energy company about joint shale gas investments.

Comment was also accused of hacking ArcelorMittal, searching for a file named “China” on a senior exec's computer and pinching a whole load of PowerPoint slides.

BG Group was hacked in 2011 in a breach said to have been massive – including geological maps and drilling records – but like all the others, unreported at the time.

The incidents, if they took place, highlight the risks to multinational firms with business interests in China. Experts increasingly warn about such risks, with IP theft said to be prevalent.

Google took the rare step of going public after it uncovered the China-based Operation Aurora attacks on it and other firms in 2010. Since then, covert APT-style targeted attacks believed to originate in China have often hit the headlines. ®

Similar topics

Broader topics


Other stories you might like

  • Beijing-backed baddies target unpatched networking kit to attack telcos
    NSA, FBI and CISA issue joint advisory that suggests China hardly has to work for this – flaws revealed in 2017 are among their entry points

    State-sponsored Chinese attackers are actively exploiting old vulnerabilities to "establish a broad network of compromised infrastructure" then using it to attack telcos and network services providers.

    So say the United States National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI), which took the unusual step of issuing a joint advisory that warns allied governments, critical infrastructure operators, and private industry organizations to hurry up and fix their IT estates.

    The advisory states that network devices are the target of this campaign and lists 16 flaws – some dating back to 2017 and none more recent than April 2021 – that the three agencies rate as the most frequently exploited.

    Continue reading
  • Former chip research professor jailed for not disclosing Chinese patents
    This is how Beijing illegally accesses US tech, say Feds

    The former director of the University of Arkansas’ High Density Electronics Center, a research facility that specialises in electronic packaging and multichip technology, has been jailed for a year for failing to disclose Chinese patents for his inventions.

    Professor Simon Saw-Teong Ang was in 2020 indicted for wire fraud and passport fraud, with the charges arising from what the US Department of Justice described as a failure to disclose “ties to companies and institutions in China” to the University of Arkansas or to the US government agencies for which the High Density Electronics Center conducted research under contract.

    At the time of the indictment, then assistant attorney general for national security John C. Demers described Ang’s actions as “a hallmark of the China’s targeting of research and academic collaborations within the United States in order to obtain U.S. technology illegally.” The DoJ statement about the indictment said Ang’s actions had negatively impacted NASA and the US Air Force.

    Continue reading
  • TikTok US traffic defaults to Oracle Cloud, Beijing can (allegedly) still have a look
    Alibaba hinted the gig was worth millions each year

    The US arm of Chinese social video app TikTok has revealed that it has changed the default location used to store users' creations to Oracle Cloud's stateside operations – a day after being accused of allowing its Chinese parent company to access American users' personal data.

    "Today, 100 percent of US user traffic is being routed to Oracle Cloud Infrastructure," the company stated in a post dated June 18.

    "For more than a year, we've been working with Oracle on several measures as part of our commercial relationship to better safeguard our app, systems, and the security of US user data," the post continues. "We still use our US and Singapore datacenters for backup, but as we continue our work we expect to delete US users' private data from our own datacenters and fully pivot to Oracle cloud servers located in the US."

    Continue reading

Biting the hand that feeds IT © 1998–2022