Apparently, Everest operators took down their website after the attack: the resource cannot be loaded and displays an “Onion site not found” error message.
It’s not yet known how the attackers gained access to the Everest website and whether it was actually hacked. Tammy Harper, Senior Threat Intelligence Researcher at Flare, and other experts believe that a potential WordPress vulnerability could be exploited in this attack.
According to Harper, Everest used a WordPress template in their blog, and this could be the case.
The Everest ransomware group has been active since 2020. Over the past years, it completely changed its tactics: from ‘standard’ data thefts for subsequent extortion to the use of ransomware that encrypts compromised systems.
In addition, Everest resells gained accesses to organizations’ networks to other hacker groups and cybercriminals.
Over the five years of activity, Everest published information about 230 victims on its darknet website. The resource was used to implement a classic double extortion scheme: hackers forced victims to pay a ransom under the threat of disclosing stolen sensitive data.
In August 2024, the United States Department of Health and Human Services warned that Everest is increasingly frequently targeting healthcare organizations in the US.
US authorities implicate Everest in several attacks, including data leaks from NASA and the Brazilian government.
2025.02.14 — 12,000 Kerio Control firewalls remain vulnerable to RCE
Security experts report that more than 12,000 GFI Kerio Control firewall instances remain vulnerable to the critical RCE vulnerability CVE-2024-52875, which was fixed…
Full article →
2025.02.25 — More than 100,000 users downloaded SpyLend malware from Google Play Store
According to Cyfirma, a malicious Android app called SpyLend was available on the official Google Play Store for some time and has been downloaded from there…
Full article →
2025.01.27 — YouTube plays hour-long ads to users with ad blockers
Users complain that YouTube plays very long unskippable ads. Sometimes such ads are longer than the video the person is watching. The issue was raised…
Full article →
2025.02.07 — 768 vulnerabilities were exploited by hackers in 2024
According to VulnCheck, 768 CVEs were registered as exploited in real-life attacks in 2024. This is 20% greater compared to 2023 when hackers exploited 639 vulnerabilities. Interestingly,…
Full article →
2025.03.07 — YouTube warns of scam video featuring its CEO
According to YouTube, scammers use an AI-generated video of the company's CEO in phishing attacks to steal user credentials. The scammers attack content creators by sending them…
Full article →
2025.02.23 — New JavaScript obfuscation technique uses invisible Unicode characters
According to Juniper Threat Labs , a new JavaScript obfuscation technique that uses invisible Unicode characters was used in a phishing attack targeting Political Action…
Full article →
2025.03.10 — Nearly a million Windows computers impacted by a malvertising campaign
According to Microsoft, nearly 1 million Windows devices fell victim to a sophisticated malvertising campaign in recent months. Cybercriminals were able to steal credentials, cryptocurrency, and sensitive…
Full article →
2025.01.30 — Hackers use vulnerabilities in SimpleHelp RMM to attack corporate networks
Experts believe that recently patched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) were used by attackers to gain initial access to corporate networks. A number…
Full article →
2025.02.28 — Qualcomm extends support for Android devices to 8 years
Qualcomm Technologies announced its collaboration with Google with the purpose to provide extended support for OEM devices running on company's flagship chipsets. This partnership will…
Full article →
2025.02.06 — Let's Encrypt to stop sending expiration notification emails
The nonprofit organization announced that, starting June 4, 2025, it will stop sending expiration notification emails to subscribers. The primary reason behind this decision…
Full article →