
Everest Ransomware claims to have stolen over 100,000 sensitive engineering files from Benchmark Electronics, potentially exposing the inner workings of some of the world’s most advanced technology manufacturers.
Benchmark Electronics, a US-based electronic manufacturing giant, has allegedly been targeted by the Russia-related ransomware gang, according to claims on its leak site on the dark web.
With annual revenue of $2.61 billion, Benchmark Electronics provides industrial technology across various sectors, including aerospace, defense, and telecommunications. Recently, Benchmark delivered mobile surveillance systems to the US Customs and Border Protection and the Federal Aviation Administration.
On its data leak portal, Everest states that it has more than 100,000 technical and manufacturing files that Benchmark Electronics provided to its clients. According to the claims, among the exposed files are solutions provided for multiple companies, including Amazon Prime AIR, Honeywell, Yamaha Robotics, Hitachi, Caterpillar, Thales, and ASML.
To support the claims, the gang posted photo samples that include various sketches and circuit board designs of the products manufactured by Benchmark Electronics.
If leaked, such files could reveal materials used in manufacturing, some processes for making components, electrical circuits, and client company names.
“Detailed info on manufactured products can result in a rise of counterfeit products, potential hardware exploitation, and generally a loss of competitive advantage and client trust for the company,” said the Cybernews research team, who investigated the data samples.
Releasing the company names on the dark web with a timeframe for negotiations is a common tactic in the ransomware crime landscape. In this way, companies are pressured to pay a ransom to keep the data from being publicly released or sold on the cyber underground.
Everest’s claims haven’t yet been publicly confirmed by the company, but historical patterns suggest high accuracy as the gang typically lists organizations only after completing exfiltration.
Cybernews reached out to the company for confirmation, but a response is yet to be received.
Who is the Everest Group?
The Everest gang first emerged on the scene in July 2021. According to Cybernews' in-house surveillance tool, Ransomlooker, the gang has listed 320 victims since 2023, with many well-known names on the list.
The gang's latest target was ASUS. At the beginning of December, it claimed that it had stolen 1TB of the company’s data, including “camera source data.”
In November, the gang targeted the Italian gas giant SIAD Group. The company confirmed the breach, stating that it did not affect “continuity of operations.”
It also listed Brazil’s oil giant Petrobras. The attackers claimed to have exfiltrated seismic and exploration data from the company’s newly explored oil spot.
The most disruptive attacks conducted by the gang this year affected the aviation sector.
It listed Air Miles España, a company operating Spain’s leading loyalty program, Travel Club. The attackers claimed to have exfiltrated 131GB of data, including millions of customer records such as names, emails, account IDs, demographics, activity data, and marketing information.
Everest is also behind the latest attack on the Spanish airline Iberia. The gang says the data includes customer names, contact details, birthdates, travel and booking information, masked card data, and marketing profiles. The group also claims it has had “long-term, unfettered access” to all bookings, with the ability to view and edit them.
The Everest Group targeted aviation giant Collins Aerospace. The company’s MUSE check-in software is used by several major European airports to manage check-in and boarding systems. A devastating attack on the company’s systems froze European airports.
The group ultimately released 23GB of data allegedly belonging to Collins Aerospace on the dark web.
The gang also threatened to release extensive passenger data from Dublin Airport in connection with the Collins Aerospace breach. The link to allegedly stolen data was dropped on November 11th. However, the link was later taken down by the gang.