The threat actor stormous gained access to hy-vee.com’s environment via compromised Atlassian accounts, including Confluence and Jira, resulting in the extraction of internal documents, infrastructure diagrams, employee data, training materials, and technical information related to operational systems. The incident impacted the United States.
Incident Details
- Victim: hy-vee.com
- Country: US
- Actor: stormous
- Source: http://6sf5xa7eso3e3vk46i5tpcqhnlayczztj7zjktzaztlotyy75zs6j7qd.onion/hy-vee.com
- Discovered: 2025-06-23 22:27:16.005540
- Published: 2025-06-23 22:26:43.056344
Information
- Access to Hy-Vee’s environment was obtained through compromised Atlassian accounts, including tools such as Confluence and Jira.
- Internal documents, infrastructure diagrams, employee data, training materials, and technical information related to several operational systems were extracted.
Disclaimer: This post is based on public claims made by the ransomware group "stormous". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.