Everest ransom group adds AT&T to its victim list

AT&T, an American multinational telecommunications company with nearly $170 billion in revenue, allegedly fell victim to a ransomware attack.

The Everest ransomware gang, believed to be connected to the Black-Byte ransomware operations, said it had hacked AT&T.

On its leak page, Everest claims to be selling access to the corporate network in the US. The post on the website appeared on October 27.

Everest claims AT&T
Screenshot by Cybernews

Cybernews reached out to the telecommunications company for a statement.

“We are currently investigating this, but at this time we have no evidence of a compromise of our systems," the company told Cybernews via email.

This is not the first time AT&T has come under the spotlight in relation to cybersecurity concerns. Mere days after the infamous T-Mobile data breach, the same actor posted an ad on the dark forum, selling 70 million AT&T user records. The mobile service provider denied the data leak claim, saying the data didn’t come from any of their systems.

AT&T had already suffered a data breach before. In 2015, the company agreed to pay a $25 million fine for an insider breach, when call center workers accessed sensitive information of hundreds thousands customers without authorization.

According to the NCC group, the Everest threat actor has been observed exploiting compromised user accounts and remote desktop protocol (RDP) for lateral movement.

“Everest’s action on objectives appears to focus on data exfiltration of sensitive information as well as encryption, commonly referred to as double extortion,” researchers said.

More from Cybernews:

Thomson Reuters collected and leaked at least 3TB of sensitive data

Elon Musk’s finish line: “Chief Twit” visits Twitter HQ, carries a sink

Best VPNs for AT&T

China-linked threat group sowing discord ahead of US elections, analyst warns

Pope: even nuns and priests watch adult content online

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked