The “Everest” ransomware group has claimed responsibility for a series of major data breaches, including the exfiltration of 576,000 AT&T applicant records and 1.5 million Dublin Airport passenger files. The group also claims to have breached Air Arabia and Sweden’s power grid operator, Svenska kraftnät.
Business Impact
This campaign demonstrates a “big game hunting” strategy, targeting critical infrastructure (energy, aviation) and data-rich corporations. The theft of PII from AT&T and Dublin Airport creates a massive risk of identity theft and targeted fraud, while the attack on the Swedish power grid is a national security threat.
Why It Happened
Everest is an established extortion group that focuses on data theft for leverage. They likely exploited unpatched vulnerabilities in internet-facing systems or used compromised credentials to gain access to these high-value networks.
Recommended Executive Action
This is a clear signal that attackers are targeting critical infrastructure. Mandate a review of your organization’s internet-facing attack surface and ensure all remote access points are secured with MFA. Verify that all sensitive PII databases are encrypted at rest and that access to them is strictly logged.
