Dive Brief:
- Kraft Heinz, the food and beverage company behind household brands such as Oscar Mayer, Kool-Aid and Grey Poupon, is investigating claims of a ransomware attack, the company said Thursday.
- “We are reviewing claims that a cyberattack occurred several months ago on a decommissioned marketing website hosted on an external platform, but are currently unable to verify those claims,” a company spokesperson told Cybersecurity Dive. “Our internal systems are operating normally, and we currently see no evidence of a broader attack.”
- The Russia-linked ransomware group Snatch claimed responsibility for an attack against Kraft Heinz in mid-August and made it visible on its data leak site Thursday, according to a screenshot Dark Web Informer posted on X, the site formerly known as Twitter.
Dive Insight:
Kraft Heinz, which is co-headquartered in Chicago and Pittsburgh, operates in more than 40 countries. The company sells food and beverage products under at least two dozen brands, including Jell-O, Philadelphia and Lunchables.
The company, formed by the merger of Kraft and Heinz in 2015, reported almost $2.4 billion in profit on $26.5 billion in revenue in 2022, according to its annual 10-K filing.
Federal authorities issued a joint advisory on the Snatch ransomware group’s activities in September, warning that multiple critical infrastructure sectors were being targeted, including food and agriculture.
“Snatch threat actors conduct ransomware operations involving data exfiltration and double extortion,” the FBI and Cybersecurity and Infrastructure Security Agency said.
Threat actors affiliated with Snatch often communicate directly with victims to demand a ransom, sometimes threatening double extortion, which involves the release of data on the group’s extortion site if the ransom isn’t paid, officials said.
Kraft Heinz declined to say if the company has been in contact with the threat actor or received a ransom demand.
Snatch first appeared in 2018 and claimed its first U.S.-based victim in 2019, according to CISA and the FBI. The group uses multiple methods to gain and maintain access to victim networks, including exploiting weaknesses in Remote Desktop Protocol for brute-force attacks and using compromised administrator credentials, officials said.