Everest

Threat Actor updated 19 days ago (2024-08-23T00:17:40.858Z)
Everest is a Russian-speaking threat actor first observed in November 2021, known for cyber attacks and ransomware incidents. According to reports from the security company NCC Group and from Cybernews, Everest has been linked to significant attacks on businesses, including a notable incident in which the group claimed to have breached AT&T's network and offered access to it for sale. The group has also been associated with BlackByte ransomware operations, pointing to ties across a broader criminal ecosystem. Everest targets a wide range of sectors, including healthcare, construction and engineering, financial services, legal and professional services, manufacturing, and government.

In one prominent case, Everest allegedly infiltrated the Illinois court system and gained unrestricted access to confidential documents and sensitive data; the group claimed that an insider within the court system facilitated the breach. Following the attack, Everest purportedly offered access to the compromised network for sale on a dark web forum. This incident illustrates Everest's modus operandi: obtain a foothold, frequently by exploiting weak or stolen credentials, then sell that access to other cybercriminals who carry out the ransomware attack.

Everest's tooling includes Cobalt Strike, a commercial adversary-simulation framework that is widely abused for post-exploitation, and ProcDump, a legitimate Sysinternals utility the group uses to dump process memory (most commonly that of the LSASS process) from which further credentials are extracted. The group has evolved into an initial access broker (IAB), meaning it specializes in gaining the first unauthorized foothold in a victim organization, for example through credential theft, and reselling it. Recently, the American Hospital Association issued a warning to hospitals about Everest threats, following an alert from HHS HC3.
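As an added example (not code from this page, from Everest, or from any vendor), the following Python detector flags the ProcDump credential-dumping behaviour described above when run over Sysmon-style events. The field names (EventID, Image, OriginalFileName, CommandLine, SourceImage, TargetImage, GrantedAccess, User) are Sysmon's own for Event ID 1 (process creation) and Event ID 10 (process access); the one-line key=value rendering, the sample events, and the assumption that ProcDump's PE version info reports OriginalFileName "procdump" are this example's, not the page's.

```python
"""
Detection of ProcDump-style LSASS memory dumping over constructed
Sysmon-like events. Added example for this profile; not code from the
page, Everest, or any vendor. Field names follow Sysmon Event ID 1
(process creation) and Event ID 10 (process access); the log lines and
the key=value rendering are constructed for the demo, not real telemetry.
"""
import re

# PROCESS_VM_READ (0x0010): the access right needed to read another
# process's memory, and therefore to dump LSASS.
PROCESS_VM_READ = 0x0010

# Assumption: ProcDump's PE version info reports OriginalFileName
# "procdump"; matching on it (plus the usual on-disk names) catches a
# renamed binary such as pd.exe.
PROCDUMP_NAMES = {"procdump", "procdump64"}

# One event per line as key=value pairs; values containing spaces are quoted.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Parse one key=value event line into a dict of string fields."""
    return {k: (quoted or bare) for k, quoted, bare in _KV.findall(line)}


def exe_name(path):
    """Lower-case file name without directory or .exe suffix."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def is_lsass_dump(event):
    """Return a reason string if the event looks like LSASS dumping, else None."""
    eid = event.get("EventID")
    if eid == "1":
        # Process creation: ProcDump (by original or on-disk name) with
        # lsass on its command line. A dump of some other process (the
        # legitimate crash-dump use case) does not match.
        names = {exe_name(event.get("Image", "")),
                 exe_name(event.get("OriginalFileName", ""))}
        cmd = event.get("CommandLine", "").lower()
        if names & PROCDUMP_NAMES and "lsass" in cmd:
            return "procdump launched against lsass: " + cmd
    elif eid == "10":
        # Process access: anything opening lsass.exe with VM_READ, which
        # also covers dumpers that are not ProcDump at all.
        target = exe_name(event.get("TargetImage", ""))
        try:
            granted = int(event.get("GrantedAccess", "0"), 16)
        except ValueError:
            return None
        if target == "lsass" and granted & PROCESS_VM_READ:
            src = exe_name(event.get("SourceImage", "?"))
            return f"{src} opened lsass with VM_READ (GrantedAccess=0x{granted:x})"
    return None


def scan(lines):
    """Return a (user, reason) pair for every event that matches."""
    hits = []
    for line in lines:
        event = parse_event(line)
        reason = is_lsass_dump(event)
        if reason:
            hits.append((event.get("User", "?"), reason))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # ProcDump under its own name, dumping lsass: should match.
    r'EventID=1 Image=C:\Tools\procdump64.exe OriginalFileName=procdump CommandLine="procdump64.exe -accepteula -ma lsass.exe C:\Windows\Temp\ls.dmp" User=CORP\svc_backup',
    # Renamed ProcDump (pd.exe) dumping lsass: still matches via OriginalFileName.
    r'EventID=1 Image=C:\Users\Public\pd.exe OriginalFileName=procdump CommandLine="pd.exe -ma lsass.exe out.dmp" User=CORP\jdoe',
    # ProcDump taking a crash dump of notepad: benign, no match.
    r'EventID=1 Image=C:\Tools\procdump64.exe OriginalFileName=procdump CommandLine="procdump64.exe -accepteula -ma notepad.exe np.dmp" User=CORP\dev1',
    # The renamed binary actually opening lsass with full access: matches.
    r'EventID=10 SourceImage=C:\Users\Public\pd.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1FFFFF User=CORP\jdoe',
    # svchost querying lsass with limited rights (no VM_READ): no match.
    r'EventID=10 SourceImage=C:\Windows\System32\svchost.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1000 User="NT AUTHORITY\SYSTEM"',
]

if __name__ == "__main__":
    for user, reason in scan(SAMPLE_EVENTS):
        print(f"[ALERT] {user}: {reason}")
```

The Event ID 1 rule is precise but easy to evade (a dumper other than ProcDump, or a PID on the command line instead of the name); the Event ID 10 rule catches those but is noisier, since AV and EDR agents legitimately open LSASS with VM_READ, so in production it needs an allow-list of known SourceImage values.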
In another incident, Everest claimed to have stolen medical record information from Nevada-based Horizon View Medical Center, underscoring the continued threat the group poses to the healthcare sector.
Description last updated: 2024-08-23T00:16:01.584Z
Aliases: none currently tracked
Miscellaneous Associations (other elements of context that could aid in identifying relevance): Ransomware
Source Document References
Information about the Everest threat actor was read from the document corpus below (display limited to 20 results).
Source | Created | Title
BankInfoSecurity | 19 days ago | US Authorities Warn Health Sector of Everest Gang Threats
CERT-EU | 8 months ago | Everest Ransomware Update from Thirtyseven4 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | a year ago | The Insider Threat: Everest Cybercriminals Offering Cash for Remote Access
CERT-EU | a year ago | Everest ransomware operation transitioning as IAB
CERT-EU | a year ago | Everest cybercriminals offer corporate insiders cold, hard cash for remote access
CERT-EU | a year ago | Everest searching for corporate insiders amid rare pivot
CERT-EU | a year ago | Ransomware group claims to have hacked district court | #ransomware | #cybercrime – National Cyber Security Consulting