Everest is a Russian-speaking threat actor first observed in November 2021 and known for cyber attacks and ransomware incidents. According to reports from the security company NCC Group and Cybernews, Everest has been linked to significant attacks on businesses, including a notable incident in which the group claimed to have hacked AT&T's network and offered access to it for sale. The group has also been associated with BlackByte ransomware operations, indicating a broad network of illicit cyber activity. Everest targets a wide range of sectors, including healthcare, construction and engineering, financial services, legal and professional services, manufacturing, and government.
In one prominent case, Everest allegedly infiltrated the Illinois court system, gaining unrestricted access to confidential documents and sensitive data. They claimed to have an insider within the court system who facilitated this breach. Following the attack, Everest purportedly offered access to the compromised network for sale on a dark web forum. This incident underscores Everest's modus operandi, which often involves exploiting weak or stolen credentials to gain access to target systems, and then selling unauthorized access to other cybercriminals who conduct ransomware attacks.
Everest's tactics include using legitimate cybersecurity threat simulation tools such as Cobalt Strike to facilitate its attacks and extracting additional credentials with tools like ProcDump. The group has evolved into an 'initial access broker', meaning it specializes in gaining initial unauthorized access to a victim organization, for example through credential theft, and then selling that access on. Recently, the American Hospital Association issued a warning to hospitals about Everest, following an alert from HHS HC3. In another incident, Everest claimed to have stolen medical record information from the Nevada-based Horizon View Medical Center, showing the group's continued threat to the healthcare sector.
Description last updated: 2024-08-23T00:16:01.584Z