- Ransomware operators Everest adds Mailchimp to their data leak site
- They claimed to have stolen 767 MB of sensitive data
- The community mocked the size of the archive
Russian ransomware gang Everest says it recently broke into email marketing giant Mailchimp, left samples on its dark web site, and gave the company a few days to step up and pay, or face the consequences. But instead of causing a stir – the group became a laughing stock of the cybersecurity community.
Mailchimp is one of the most popular platforms in its industry, with more than 14 million active users, so when cybercriminals break in and steal data – the community expects a large database with plenty of juicy intel inside.
Everest, however, exfiltrated “only” 767MB of information, which includes 943,536 lines, and apparently include “Internal company documents”.
“The leak of your internal company documents contains a huge variety of personal documents and information of clients,” Everest apparently said on its data leak site.
The news was picked up by the malware repository “vx-underground” which, on X, said the database seemed, “remarkably small for a vendor as large and widespread as MailChimp.”
Others quickly chimed in, sharing a similar sentiment: “Like one customer,” one person said. “That’s probably 300 milliseconds worth of mailchimp data. Likely a client of a client’s emails were leaked,” another one added.
Everest is not a state-sponsored group, but since its members speak Russian, security researchers believe the group is located there, as well.
It has been active since 2020, beginning as a data-extortion actor and later evolving into a full ransomware operation. Over time, it has shifted somewhat toward acting as an Initial Access Broker (IAB), too, selling access to compromised networks to other criminal gangs rather than executing ransomware themselves.
It has claimed hundreds of victims so far, including heavyweights such as AT&T, multiple South American governments, Coca‑Cola’s Middle East wing, Crumbl Cookies, Mediclinic hospitals, and Saudi conglomerate Rezayat Group.
Via Cybernews
