- Ransomware operators Everest add Mailchimp to their data extortion website
- They claimed to have stolen 767 MB of sensitive data
- The community mocked the size of the archive
Russian ransomware gang Everest says it recently broke into email marketing giant Mailchimp, left samples on its dark web site, and gave the company a few days to step up and pay or see the consequences. But instead of causing a stir, the group became the laughing stock of the cybersecurity community.
Mailchimp is one of the most popular platforms in its industry, with more than 14 million active users, so when cybercriminals break in and steal data, the community expects a large database with lots of juicy intel inside.
However, Everest exfiltrated “only” 767 MB of information, comprising 943,536 lines and apparently including “internal company documents”.
“Leaking of your internal business documents contains a huge number of personal documents and information from clients,” Everest apparently said on its data leak site.
The news was picked up by the malware archive “VX-Underground”, which said on X that the database seemed “remarkably small for a supplier as large and widespread as Mailchimp.”
Others quickly chimed in and shared a similar sentiment: “As a customer,” a person said. “It’s probably 300 milliseconds worth of Mailchimp data. Probably a client of a client’s emails was leaked,” another added.
Everest is not a state-sponsored group, but since its members speak Russian, security researchers believe that the group is based in Russia.
It has been active since 2020, beginning as a data extortion actor and later developing into a full ransomware operation. Over time, it has also changed course somewhat to act as an initial access broker (IAB), selling access to compromised networks to other criminal gangs rather than deploying ransomware itself.
It has claimed hundreds of victims so far, including heavyweights such as AT&T, several South American governments, Coca-Cola’s Middle East wing, Crumbl Cookies, Mediclinic Hospitals and Saudi conglomerate Rezayat Group.
Via Cybernews



