- Everest ransomware operators add Mailchimp to their data leak site
- They claimed to have stolen 767 MB of sensitive data
- The community has made fun of the size of the archives
The Russian ransomware gang Everest said that it recently broke into the email marketing giant Mailchimp, left samples on its dark web site and gave the company a few days to come forward and pay, or face the consequences. But instead of causing alarm, the group has become a laughing stock in the cybersecurity community.
Mailchimp is one of the most popular platforms in its industry, with more than 14 million active users, so when cybercriminals break in and steal data, the community expects a large database with plenty of juicy intel inside.
Everest, however, exfiltrated “only” 767 MB of information, which comprises 943,536 lines and apparently includes “internal business documents”.
“The leakage of your internal corporate documents contains a wide variety of personal documents and customer information,” said Everest on its data leak site.
The news was picked up by the malware repository VX-Underground which, on X, said that the database seemed “remarkably small for a supplier as large and widespread as Mailchimp”.
Others quickly chimed in, sharing a similar sentiment: “like a customer,” said one person. “It’s probably 300 milliseconds of Mailchimp data. Probably a client of the emails of a client has been disclosed,” added another.
Everest is not a state-sponsored group, but because its members speak Russian, security researchers think that the group is located in Russia.
It has been active since 2020, starting as a data-extortion actor and later evolving into a full ransomware operation. Over time, it shifted somewhat toward acting as an initial access broker (IAB), selling access to compromised networks to other criminal gangs rather than deploying ransomware itself.
It has claimed hundreds of victims so far, including heavyweights such as AT&T, several South American governments, Coca-Cola's Middle East arm, Crumbl Cookies, Mediclinic hospitals and the Saudi conglomerate Rezayat Group.
Via Cyberness