Apparently, Everest operators took down their website after the attack: the resource cannot be loaded and displays an “Onion site not found” error message.
It’s not yet known how the attackers gained access to the Everest website and whether it was actually hacked. Tammy Harper, Senior Threat Intelligence Researcher at Flare, and other experts believe that a potential WordPress vulnerability could be exploited in this attack.
According to Harper, Everest used a WordPress template in their blog, and this could be the case.
The Everest ransomware group has been active since 2020. Over the past years, it completely changed its tactics: from ‘standard’ data thefts for subsequent extortion to the use of ransomware that encrypts compromised systems.
In addition, Everest resells gained accesses to organizations’ networks to other hacker groups and cybercriminals.
Over the five years of activity, Everest published information about 230 victims on its darknet website. The resource was used to implement a classic double extortion scheme: hackers forced victims to pay a ransom under the threat of disclosing stolen sensitive data.
In August 2024, the United States Department of Health and Human Services warned that Everest is increasingly frequently targeting healthcare organizations in the US.
US authorities implicate Everest in several attacks, including data leaks from NASA and the Brazilian government.
2025.01.28 — J-magic backdoor attacked Juniper Networks devices using 'magic packets'
A massive backdoor attack targeting Juniper routers often used as VPN gateways has been uncovered. The devices were attacked by the J-magic malware that…
Full article →
2025.04.22 — Scammers pose as FBI IC3 specialists, offer 'assistance' to fraud victims
According to the FBI, scammers impersonating employees of the FBI Internet Fraud Complaint Center (IC3) contact fraud victims offering them 'assistance' in getting their money…
Full article →
2025.04.29 — FBI Offers 10 million USD for information on Salt Typhoon members
The FBI offers up to 10 million USD for information about members of the Chinese hacker group Salt Typhoon and last year's attack that had…
Full article →
2025.01.22 — Fake Homebrew Infects macOS and Linux Machines with infostealer
Attackers use Google ads to disguise themselves as the Homebrew website and distribute malware targeting Mac and Linux systems and stealing logon credentials, browser data, and cryptocurrency wallets.…
Full article →
2025.02.12 — 2.8 million IP addresses used to brute-force network devices
The Shadowserver Foundation warns of a massive web login brute-forcing attacks targeting nearly 2.8 million IP addresses per day. Unknown attackers are seeking…
Full article →
2025.01.27 — Zyxel firewalls reboot due to flawed update
Zyxel warned its customers that a recent signature update may cause critical errors in USG FLEX and ATP series firewalls. As a result, devices go into…
Full article →
2025.01.25 — 18,000 script kiddies have been infected with backdoor via XWorm RAT builder
According to CloudSEK analysts, malefactors attack novice hackers using a fake malware builder. Script kiddies' systems become infected with a backdoor that steals data and subsequently…
Full article →
2025.03.28 — Zero-day vulnerability in Windows results in NTLM hash leaks
Security experts reported a new zero-day vulnerability in Windows that enables remote attackers to steal NTLM credentials by tricking victims into viewing malicious files in Windows…
Full article →
2025.03.18 — Black Basta ransomware group developed its own automated brute-forcing framework
According to EclecticIQ, Black Basta Ransomware-as-a-Service (RaaS) group has developed its own automated brute-forcing framework dubbed BRUTED. It's used to hack edge network devices…
Full article →
2025.04.07 — Critical RCE vulnerability discovered in Apache Parquet
All versions of Apache Parquet up to and including 1.15.0 are affected by a critical remote code execution (RCE) vulnerability whose CVSS score is 10 out…
Full article →