The Akira ransomware group has reportedly claimed responsibility for breaching Apache OpenOffice, asserting that it stole 23 gigabytes of sensitive internal data from the open-source software foundation.
The announcement was made on October 29 through Akira’s dark web leak site, where the group threatened to publish the stolen files if its ransom demands were not met. Known for its double-extortion tactics, Akira typically exfiltrates confidential data before encrypting victims’ systems to increase pressure for payment.
Apache OpenOffice, a long-standing project under the Apache Software Foundation, provides free productivity tools that rival commercial platforms such as Microsoft Office. Its suite includes Writer, Calc, Impress, Draw, Base, and Math, and it supports more than 110 languages across major operating systems. The software is widely used by educational institutions, small businesses, and individuals around the world.
Despite the severity of the claims, early reports indicate that the public download servers for OpenOffice remain unaffected, meaning users’ software installations are currently considered safe.
Details of the Alleged Breach
According to Akira’s post, the data set includes personal details of employees such as home addresses, phone numbers, birth dates, driver’s licenses, Social Security numbers, and credit card information. The hackers also claim to have financial documents, internal communications, and detailed technical reports related to application bugs and development work.
In their online statement, the group said, “We will upload 23 GB of corporate documents soon,” implying the data could soon be released publicly.
As of November 1, the Apache Software Foundation has not confirmed or denied the breach. Representatives have declined to comment, and independent investigators have not yet verified the authenticity of the stolen data.
Experts caution that, if genuine, the leak could expose staff to identity theft and phishing attacks. However, the open-source nature of the software itself likely limits risks to the product’s source code.
Akira’s Growing Threat
Akira emerged in March 2023 and operates as a ransomware-as-a-service network, offering its tools to affiliates in exchange for a share of the profits. The group has executed hundreds of attacks across North America, Europe, and Asia, reportedly extorting tens of millions of dollars from victims.
Akira’s malware variants target both Windows and Linux systems, including VMware ESXi environments.
In some cases, the hackers have even used compromised webcams for added intimidation. The group communicates in Russian on dark web forums and is known to avoid attacking computers configured with Russian-language keyboards.
The alleged Apache OpenOffice incident comes amid a surge in ransomware attacks on open-source projects. Security experts are urging volunteer-based organizations to adopt stronger defenses, better data hygiene, and more robust incident response protocols.
Until the claim is verified or disproved, users and contributors to Apache OpenOffice are advised to stay alert for suspicious activity and ensure that backups are secure and isolated from their main systems.
