McDonald's Becomes Latest Target for Russian Hackers Amid Invasion

A ransomware group that is probably based in Russia has launched a cyberattack on McDonald's corporate assets, and some experts fear it is just the beginning of a slew of online attacks. According to a report by The Daily Mail, the group is called Snatch, and it claims to have stolen about 500 gigabytes of sensitive data from McDonald's. If the company doesn't pay a ransom, Snatch threatens to sell this data on the dark web.

Details on this alleged cyberattack are still slim, and McDonald's has not yet responded to other outlets' requests for comment. However, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a "shields up" alert to all American businesses in light of this breach at McDonald's. Snatch of "Snatch Team" is an elusive group of cybercriminals but a 2019 report does show strong evidence that the group is Russian-speaking. That report was from the cybersecurity firm Sophos, and it did not confirm whether Snatch is actually based in Russia or not.

CISA's warning to businesses was based on Russia's unprovoked attack on Ukraine starting on Thursday, Feb. 24. It reads: "Russia's unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our Allies. Every organization – large and small – must be prepared to respond to disruptive cyber activity."

The cyberattacks noted in the memo began on Feb. 24 as well according to a report by The Associated Press. Ukrainian government websites were targeted along with affiliated organizations, and government-owned computers detected malware designed to wipe out locally stored data. Experts said that hundreds of devices were affected, and some were not in Ukraine but instead in neighboring countries like Latvia and Lithuania.

On the other hand, cyberattacks can easily go both ways. On Friday, Feb. 25, ABC News reported that the hacker group Anonymous had disabled some Russian government websites in retaliation on behalf of the people of Ukraine. Again, there has been no confirmation of where the members of Anonymous are operating from.


The Russian government is reportedly uniquely qualified for cyber offensive attacks, with a state-controlled cyber warfare team. Some experts have also voiced suspicion that the Russian government allows independent cybercriminals to act on its behalf. The situation in Ukraine remains violent, visit CBS News for the latest updates.