
"The Everest ransomware gang has struck again, this time targeting sportswear giant Under Armour in a cyberattack that exposed sensitive information from millions of customers worldwide. The breach, which occurred in November 2025, involved hackers stealing 343 GB of company data before issuing ultimatum demands. On Jan. 21, Have I Been Pwned reported that customer data from the incident was published publicly on a popular hacking forum, including 72 million email addresses."
"Many records also contained additional personal information such as names, dates of birth, genders, geographic locations, and purchase information.

Meet the Everest gang

The Everest ransomware group has emerged as one of the most prolific cybercriminal organizations, with Under Armour representing just their latest high-profile conquest. Operating since December 2020, the gang has evolved from simple ransomware attacks into a sophisticated criminal enterprise that also functions as an Initial Access Broker, selling network access to other hackers."
"Their recent victim list reads like a Fortune 500 directory: Coca-Cola Europacific Partners, AT&T, Collins Aerospace, and the Abu Dhabi Department of Culture and Tourism have all fallen prey to Everest's operations. These aren't opportunistic attacks; they represent calculated strikes against global infrastructure that generates billions in combined revenue. The group's technical sophistication becomes clear when examining their methods. Everest operatives utilize remote access tools like AnyDesk and Splashtop for command and control, while commonly exploiting weak or stolen credentials for initial network penetration."
The Everest ransomware gang breached Under Armour in November 2025, stealing 343 GB of company data. Seventy-two million email addresses were published on a popular hacking forum on Jan. 21 along with names, dates of birth, genders, geographic locations, and purchase information. Everest has operated since December 2020 and evolved into an Initial Access Broker that sells network access to other hackers. The group has targeted major organizations including Coca-Cola Europacific Partners, AT&T, Collins Aerospace, and the Abu Dhabi Department of Culture and Tourism. Operators use AnyDesk and Splashtop, exploit weak or stolen credentials, and encrypt files with AES and DES using a '.EVEREST' extension. The group posted its Under Armour claims on Nov. 16, 2025, giving the company seven days to establish contact via encrypted messaging.
Read at TechRepublic