Everest ransom group adds AT&T to its victim list
AT&T, an American multinational telecommunications company with nearly $170 billion in revenue, allegedly fell victim to a ransomware attack.
The Everest ransomware gang, believed to be connected to the Black-Byte ransomware operations, said it had hacked AT&T.
On its leak page, Everest claims to be selling access to the corporate network in the US. The post on the website appeared on October 27.
Cybernews reached out to the telecommunications company for a statement.
“We are currently investigating this, but at this time we have no evidence of a compromise of our systems," the company told Cybernews via email.
This is not the first time AT&T has come under the spotlight in relation to cybersecurity concerns. Mere days after the infamous T-Mobile data breach, the same actor posted an ad on the dark forum, selling 70 million AT&T user records. The mobile service provider denied the data leak claim, saying the data didn’t come from any of their systems.
AT&T had already suffered a data breach before. In 2015, the company agreed to pay a $25 million fine for an insider breach, when call center workers accessed sensitive information of hundreds thousands customers without authorization.
According to the NCC group, the Everest threat actor has been observed exploiting compromised user accounts and remote desktop protocol (RDP) for lateral movement.
“Everest’s action on objectives appears to focus on data exfiltration of sensitive information as well as encryption, commonly referred to as double extortion,” researchers said.
More from Cybernews:
Thomson Reuters collected and leaked at least 3TB of sensitive data
Elon Musk’s finish line: “Chief Twit” visits Twitter HQ, carries a sink
China-linked threat group sowing discord ahead of US elections, analyst warns
Pope: even nuns and priests watch adult content online
Subscribe to our newsletter
Your email address will not be published. Required fields are marked