Date: 2025-07-14

Rezayat Group, a multibillion-dollar industrial services provider based in Saudi Arabia, has been posted on a dark web leak site. Hackers claim they’ve obtained several gigabytes of data from the company.

Rezayat, which consists of 25 companies operating in engineering, manufacturing, logistics, and other sectors, was allegedly hit by the Everest ransomware cartel. The gang posted the company on its leak site, which it uses to showcase its latest victims.

Meanwhile, the Cybernews research team investigated the data sample that the attackers attached to the post. Several screenshots of the supposedly stolen data include reports and contracts with entities that are supposed to be Rezayat’s clients. Some screenshots include technical drawings of what appear to be industrial entities.

Attackers' post on the dark web. Image by Cybernews.

“As the data includes reports and contracts with other companies, the alleged data breach could affect Rezayat’s reputation with its clients. Moreover, attackers could use the leaked data to craft supply chain attacks,” the team explained.

While attackers claim they obtained 10GB of Rezayat’s data, it’s difficult to confirm such claims from a handful of screenshots of several documents. However, ransomware cartels often release snippets of data to pressure companies into meeting their ransom demands, threatening to continue leaking the data if victims choose not to pay.

The Saudi-headquartered Rezayat operates in 13 countries via 25 companies under its umbrella. The company claims to have over 20,000 employees worldwide.

What is Everest ransomware?

Researchers believe the Everest ransomware crew is tied to the Russia-linked BlackByte cartel. It was first spotted in 2021, making it an old-timer in the ransomware underworld.

In May 2025, the cartel hit several big organizations, including Mediclinic, a $5B hospital empire, and multinational soft drinks producer Coca-Cola. The gang allegedly stole nearly a thousand employees' data alongside confidential internal documents. Everest was also behind the infamous October 2022 attack on AT&T, offering alleged access to AT&T’s entire corporate network.

Everest has been observed exploiting compromised user accounts and Remote Desktop Protocol (RDP) for lateral movement. According to Cybernews’ dark web tracker Ransomlooker, the gang has listed over a hundred victims in the last 12 months.

Some experts believe the Middle East has become "a high-priority target for many cybercriminal groups," with Everest spearheading the effort to cash in on the region.