The Apache Software Foundation (ASF) is challenging the accuracy of claims made by the Akira ransomware group concerning a data breach of its Apache OpenOffice project. This dispute arose after the threat actors alleged they had successfully stolen 23 GB of what they described as confidential corporate documents and sensitive employee information.
Apache OpenOffice itself is a popular, freely available, and open-source office software suite. It offers a comprehensive set of tools, including applications for word processing, creating spreadsheets, developing presentations, and managing databases. A key feature of the suite is its compatibility with widely used file formats, such as those from Microsoft Word and Excel, and its ability to run across different operating systems.
On October 30th, the Akira ransomware operators publicized their alleged attack on Apache OpenOffice. Their entry on a data leak site asserted that they had taken 23 GB of data, specifying that this hoard included employee addresses, phone numbers, dates of birth, driver’s licenses, social security cards, and credit card details, alongside financial records and internal documents detailing application issues.
However, the Apache Software Foundation has stated that it has no indication of what the ransomware gang might be referencing. The ASF is questioning the validity of the claim because it insists it does not collect or retain the categories of highly sensitive personal and financial data mentioned by Akira.
The ASF confirmed it is taking the claim seriously and is actively investigating the report, emphasizing its commitment to project security. A statement from the foundation noted that no ransom demand has been made to either the ASF or the Apache OpenOffice project. Crucially, the ASF clarified that since Apache OpenOffice is an open-source project, its contributors are not paid employees of the project or the foundation, explaining why the described set of employee data simply would not be in their possession.
Reference:
