Date of Incident:
January 2025
Overview:
In January 2025, Nike fell victim to a cyberattack by the World Leaks ransomware gang, which exploited vulnerabilities in Nike’s corporate network. The breach resulted in the leak of nearly 190,000 files, revealing sensitive corporate data that could potentially compromise consumer privacy and business operations. The attackers used sophisticated techniques, including exploiting valid accounts and data staging, to exfiltrate and encrypt the data. The incident was reported a year later, in January 2026, highlighting significant security concerns for similar companies such as Adidas, Puma, Under Armour, Reebok, and New Balance.
Impact:
Leak of nearly 190,000 files of corporate data describing Nike's business operations, with potential exposure of consumer privacy and confidential corporate information.
Details:
The breach involved the World Leaks ransomware gang exploiting a vulnerability in Nike’s corporate network, consistent with MITRE ATT&CK techniques T1078 (Valid Accounts), T1105 (Ingress Tool Transfer), and T1499 (Data Staging). The ransomware deployed a payload that encrypted internal servers, exfiltrating nearly 190,000 files prior to encryption. Indicators of Compromise include IP addresses associated with the World Leaks infrastructure, hashes of known ransomware payload components, and registry modifications to disable recovery options. Log artifacts showed unusual outbound traffic and multiple failed login attempts from foreign IP ranges, followed by successful use of compromised credentials.
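The log artifact described above (a run of failed logins from one source followed by a successful login with the same credentials) is the detectable footprint of T1078. The following is an added example, not from the original report or from Nike's tooling; the log format and the sample lines are constructed.

```python
"""Detect a burst of failed logins from one source IP followed by a
successful login from that IP. Added example with a constructed log
format; the sample events are not from the Nike incident."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events: "ISO8601 source_ip user outcome"
SAMPLE_LOG = """\
2025-01-14T02:01:10Z 203.0.113.45 svc_backup FAILED
2025-01-14T02:01:12Z 203.0.113.45 svc_backup FAILED
2025-01-14T02:01:15Z 203.0.113.45 svc_backup FAILED
2025-01-14T02:01:17Z 203.0.113.45 svc_backup FAILED
2025-01-14T02:01:19Z 203.0.113.45 svc_backup FAILED
2025-01-14T02:01:40Z 203.0.113.45 svc_backup SUCCESS
2025-01-14T08:15:00Z 198.51.100.7 jdoe FAILED
2025-01-14T08:15:30Z 198.51.100.7 jdoe SUCCESS
"""

def parse_events(text):
    """Parse one event per line into dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, outcome = line.split()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "ip": ip, "user": user, "outcome": outcome})
    return events

def detect_failed_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """Return (ip, user, success_ts) for each SUCCESS preceded by at least
    `threshold` FAILED events from the same IP inside `window`.
    Failures older than the window are dropped before counting."""
    failures = defaultdict(list)   # ip -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        recent = [t for t in failures[ev["ip"]] if ev["ts"] - t <= window]
        failures[ev["ip"]] = recent
        if ev["outcome"] == "FAILED":
            recent.append(ev["ts"])
        elif ev["outcome"] == "SUCCESS" and len(recent) >= threshold:
            alerts.append((ev["ip"], ev["user"], ev["ts"]))
            failures[ev["ip"]] = []    # one alert per burst, then reset
    return alerts

if __name__ == "__main__":
    for ip, user, ts in detect_failed_then_success(parse_events(SAMPLE_LOG)):
        print(f"ALERT: {ip} logged in as {user} at {ts:%H:%M:%S} after repeated failures")
```

The single failure from 198.51.100.7 stays below the threshold, so only the 203.0.113.45 burst is flagged; tune `threshold` and `window` to the environment's normal failure rate.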
Remediation:
Nike was advised to apply all critical patches addressing the exploited vulnerability immediately. Temporary mitigations include network segmentation, enforcing MFA for remote access, and monitoring for known IOCs such as the World Leaks IP addresses and file hashes. Recovery and containment measures include restoring from offline backups and deploying endpoint detection and response (EDR) tools configured for behavioral detection of ransomware activity.
Takeaway for CISO:
The breach highlights the severe impact of ransomware gangs targeting high-profile consumer companies, risking both corporate and customer data confidentiality. CISOs should prioritize zero-trust architectures, continuous monitoring for credential abuse, and rapid incident response capabilities to mitigate the risk of similar data exfiltration and encryption attacks.
