The Akira ransomware group has announced a breach of Apache OpenOffice, claiming to have stolen 23GB of sensitive data. For context, Apache OpenOffice is a widely recognized free and open-source office suite created by the Apache Software Foundation, offering tools that serve as alternatives to Microsoft Office on platforms like Windows, Linux, and macOS.
The suite encompasses various applications, including Writer for document creation, Calc for spreadsheets, Impress for presentations, Draw for graphics, Base for database management, and Math for mathematical formula creation. According to a report from Hackread.com, Akira alleges that the compromised data consists of employee records, which may include sensitive information such as physical addresses, phone numbers, driver’s licenses, social security cards, and credit card details.
In addition to personal records, the purportedly stolen information encompasses financial documents, internal confidential files, and reports regarding operational issues within the application. The group has stated, “We will upload 23 GB of corporate documents soon. This includes employee information (addresses, phones, DOB, driver’s licenses, social security cards, credit cards information), financial details, internal confidential files, and numerous reports concerning their application-related problems,” as listed on their dark web leak site.
Current Status
As of this writing, the Apache Software Foundation has yet to confirm any breach involving Apache OpenOffice. The claim remains unverified, leaving open whether Akira’s assertions stem from an actual compromise or draw on information from prior incidents. Hackread.com has sought a statement from Apache regarding this matter.
If the breach is confirmed, it could expose internal development data or contributor details; however, users of the office suite do not appear to be immediately affected. The infrastructure for downloading OpenOffice is separate from its development servers, so public software distributions are likely unaffected at this time.
Understanding the Akira Ransomware Group
Emerging in 2023, the Akira ransomware group operates as a ransomware-as-a-service (RaaS) offering and has carried out numerous attacks across the United States, Europe, and other regions, amassing significant ransom payments. Its modus operandi includes double extortion, in which data is stolen before the victim’s systems are encrypted. The group has ransomware variants for both Windows and Linux/VMware ESXi platforms. A report by Bitdefender released in March 2025 highlighted that the Akira group had even compromised webcams belonging to victims.
The group communicates primarily in Russian on dark web forums, and its ransomware specifically checks for Russian keyboard layouts to avoid targeting systems within Russian-speaking territories. In the meantime, users of OpenOffice are advised to download the software solely from the official website and to steer clear of any third-party links disseminated through social media or forums. Until the Apache Software Foundation provides clarification, there remains no indication that end-user data or installations have been compromised.
This incident raises a host of concerns for cybersecurity professionals and business owners alike, highlighting the ongoing threats posed by ransomware actors like Akira. As the landscape of cyber threats continues to evolve, awareness of potential vulnerabilities and diligent security practices remain paramount for organizations striving to protect sensitive data.
