IKEA cyberattacks in Kuwait and Morocco gets investigated

IKEA Cyberattacks Kuwait Morocco Data Leak Phishing Vice Society Ransomware Business Email Compromise

The franchise stores of IKEA in Kuwait and Morocco, a popular furniture firm, have reported a cyberattack that disrupted its operations and systems. According to the furniture firm’s representative, they are currently investigating the incident with authorities and cybersecurity partners.

With about 445 outlets worldwide, IKEA is a Swedish-Dutch furniture store giant boasting approximately €41.9 billion in revenue for 2021.

In a statement, IKEA added that a Kuwait-based franchise owner independently manages the two affected franchises in Kuwait and Morocco. Hence, the attack incident in these two franchise stores is separate from the operations and customer service of other IKEA branches and retailers.


The Vice Society ransomware group claimed the cyberattack on IKEA.


Based on investigations, the Vice Society ransomware group added the Kuwait and Morocco IKEA outlets to their leak site, claiming to be the incident’s perpetrators. As seen on the shared details on Vice Society’s leak site post, they allegedly stole proprietary and employee data from the affected furniture firms, including some additional files from an IKEA Jordan branch.

Threat groups have been targeting the furniture store giant, with previous reports involving a reply-chain phishing campaign that affected its employees’ internal email inboxes. In this campaign, the hackers used compromised email accounts of some IKEA firms and partners to target staff with malware-carrying Excel files.

In a separate investigation by security analysts, a cyberattack campaign against IKEA employees’ email inboxes has been carried out for a while, with numerous organisations, business partners, and suppliers getting compromised.

Experts found it challenging to detect these attacks since they can come as an email from someone inside IKEA, an external organisation, or as a reply to an ongoing email conversation. Thus, users are advised to be extra vigilant against these security threats.

Since its first few active campaigns in June 2021, the Vice Society ransomware gang has launched massive attacks that heavily affected several sectors, including educational institutions. From a report released by Microsoft in October, they stated that Vice Society seemed to aim at organisations with weak security measures and those that could ensure a ransom payout.

About the author

Leave a Reply