CyberSecurity SEE

Clop targets Kellogg and Medusa Ransomware hits NASCAR

WK Kellogg Co. has recently become the target of a cyber-attack, suspected to be a ransomware attack orchestrated by the Clop ransomware group. The company, which now operates independently from the Kellogg Company, uncovered evidence of the breach in February 2025, indicating that malicious actors linked to Clop may have gained unauthorized access to its network as early as 2024. This breach potentially resulted in the theft of sensitive data from the company’s servers.

A comprehensive technical investigation pointed towards a possible connection between this cyber-attack on WK Kellogg Co. and the Cleo Data Theft Attack that made headlines in the previous year. The Cleo software vulnerability exploited in the earlier incident allowed threat actors to infiltrate Kellogg’s servers and exfiltrate data.

Clop ransomware has been a prominent player in data extortion schemes since 2019. Known for using phishing campaigns to penetrate networks, the group employs a double extortion strategy involving both data theft and encryption. Interestingly, Clop ransomware tends to avoid targeting Russian entities and focuses on exfiltrating data for extortion purposes rather than simply encrypting it. Despite this strategy, the group has managed to secure substantial financial gains by leveraging the stolen data against its victims.

The timing of the attacks orchestrated by the Clop ransomware group is also notable, as they often choose to strike during weekends or public holidays when IT personnel are typically less available to respond promptly. In a more sophisticated move back in 2023, the group targeted the MOVEit software platform in another cyber assault.

In a separate incident, the Medusa Ransomware group has claimed responsibility for a data breach affecting NASCAR, the iconic American auto racing organization. The ransomware group published a dataset on their data-leak website containing sensitive information related to NASCAR, including personal details of employees such as names, email addresses, job titles, and login credentials. The Medusa group has issued a ransom demand of $4 million, with a deadline set at 10 days for payment. Failure to comply with the demand could result in the sale of the stolen data to interested buyers.

Investigations into both the WK Kellogg Co. and NASCAR data breaches are ongoing, with authorities working diligently to uncover additional details surrounding these cyber-attacks. As the cybersecurity landscape continues to evolve, organizations face mounting challenges in safeguarding their digital assets from sophisticated threat actors seeking to exploit vulnerabilities for financial gain.
