Have a Break
Can you help us uncover the mystery behind the KitKat heist?
medium
45 min
3,613
To access material, start machines and answer questions login.
Disclaimer: This challenge is inspired by a real cargo theft that occurred in March 2026, in which a shipment of KitKat products was stolen in transit between Italy and Poland. All companies, agencies, individuals, documents, and investigative findings presented in this challenge are entirely fictional. No real employees, law enforcement personnel, or organisations are implicated. The real theft remains under investigation by the relevant authorities.
Background
On 26 March 2026, a refrigerated truck carrying over 400,000 units of KitKat product vanished somewhere between Central Italy and Poland. Nestlé confirmed the theft two days later. The vehicle has not been found.
The European Cargo Threat Assessment (ECTA) does not believe this was opportunistic. A shipment of this size, on a contracted route, does not disappear without someone helping it along.
An anonymous tip reached a journalist the following evening. ECTA obtained it under judicial authority. That is where your investigation begins.
Your Assignment
You are a CZ Node investigator on Project HAVEABREAK. Your goal is to identify the culprit behind the heist by using the following files:
| File | Description |
|---|---|
ecta_memo.pdf |
Your briefing. Start here. |
exhibit_a.eml |
Exhibit A — referenced in the memo |
exhibit_b.jpg |
Exhibit B — referenced in the memo |
transeuro_data/employees.csv |
Subpoenaed from TransEuro Logistics IT |
transeuro_data/access_log.csv |
Subpoenaed from TransEuro Logistics IT |
transeuro_data/comms_export.txt |
Subpoenaed from TransEuro Logistics IT |
You can download the files by clicking on the button below:
Which VPN service was used to send the anonymous email from the .eml file?
What is the full street address of the petrol station where the missing vehicle was last seen?
At what time did the suspicious action take place in the route planning system on March 25th, 2026?
Format: HH:MM:SS
What is the employee ID of the person who sent the anonymous email?
What is the employee ID of the employee responsible for leaking the shipment details?
What is the leaker's full name?
Ready to learn Cyber Security?
TryHackMe provides free online cyber security training to secure jobs & upskill through a fun, interactive learning environment.
Already have an account? Log in