Yakult Australia, manufacturer of a probiotic milk drink, has confirmed experiencing a “cyber incident” in a statement to BleepingComputer. Both the company’s Australian and New Zealand IT systems have been affected.
Cybercrime actor DragonForce which claimed responsibility for the cyber attack, has also leaked 95 GB of data that it states belongs to the company.Invented in 1935 in Japan and now sold around the world, Yakult is a fermented and sweetened milk beverage with live bacteria, consumed to support digestion and the immune system.
In a statement to BleepingComputer, Yakult Australia confirmed it was investigating a cyber attack that occurred in mid-December. “We first became aware of a cyber incident on the morning of the 15th of December,” wrote David Whatley, Yakult Australia’s Director to BleepingComputer.
“We cannot yet confirm the extent of the incident. We are working with cybersecurity experts to investigate the incident as a matter of urgency.” The company is currently unable to confirm how exactly the incident occurred.
“Our investigations are ongoing. Further updates will be provided as information becomes available.” While the company’s IT systems in Australia as well as New Zealand were hit, the offices in both regions remain open and operational.
BleepingComputer additionally observed on Yakult Australia website, placement of an “important message” modal that earlier in the week appeared to be blank, but now shows an incident notice:
A cybercrime actor that calls itself ‘DragonForce’ has taken responsibility for the incident and listed Yakult Australia to its onion leak site on December 20th, while publicly threatening to leak 95.19 GB of data, which the group has now done.
BleepingComputer analysed a small portion of the leaked dump that appeared to contain several business documents, spreadsheets, credit applications made by Yakult Australia, employee records, and copies of identity documents such as passports.
With its slogan, “companies that refused to cooperate,” the DragonForce leak site (aka DragonLeaks) is indicative of the threat actor first attempting to extort its victims for payment failing which, it publicly leaks assets and data stolen from these companies, much like other cybercriminal groups.
Not much information is currently known about ‘DragonForce’, which has listed 20 victims on its leak site thus far. The threat actor does not yet seem related to DragonForce Malaysia, a hacktivist group that has earlier targeted government agencies in the Middle East.