In a significant cybersecurity incident, the Everest ransomware group has revealed that it has targeted two new victims: Dublin Airport and Air Arabia. This development follows the group’s recent announcement regarding a breach of AT&T Careers, where they claimed to have stolen personal records of approximately 576,000 applicants and employees. Both of the latest victims have been listed on Everest’s dark web leak site, where the entries are secured behind password protection, indicating that the data is not publicly accessible yet.
The breach involving Dublin Airport appears particularly severe, with Everest asserting they have obtained around 1.5 million personal records. This data includes a range of sensitive passenger information, such as full names, flight details, passenger IDs, and other identifiers that could facilitate the tracking of travelers’ activities. The detailed nature of this stolen data underscores the potential risks and ramifications for passengers if this information were to be released publicly.
In the case of Air Arabia, a low-cost airline headquartered in the United Arab Emirates, the group claims to possess personal information of over 18,000 employees. However, in contrast to the Dublin Airport breach, Everest has not disclosed specific data fields associated with Air Arabia. The group has set a deadline of six days for both organizations to respond before any potential public release of the stolen data occurs.
The Everest ransomware group has a well-documented history of exploiting corporate databases, stealing data ranging from employee records to financial information. Its recent focus on the aviation industry raises significant concerns. In September, several major European airports were disrupted by a cyberattack linked to Collins Aerospace, a critical provider of aviation technology. That incident is indicative of a growing trend in which cybercriminals increasingly target the aviation sector, likely because of the high-value data held by these organizations.
Mapped against the MITRE ATT&CK framework, there are several tactics and techniques that could have been employed by the Everest group during these recent breaches. Initial access may have been achieved through spear-phishing or by exploiting weaknesses within the organizations’ networks. Persistence and privilege escalation techniques could have allowed the group to move through internal systems undetected, enabling them to reach sensitive data. Furthermore, the decision to password-protect the listings could suggest a strategy of controlling the release of information, thereby increasing the group’s leverage over the affected organizations.
The seriousness of these breaches highlights the urgent need for organizations to prioritize cybersecurity measures, particularly against ransomware threats. As the Everest group continues to operate and expand its targets, vigilance from affected parties and the broader industry is paramount. Businesses must be prepared to respond to potential breaches swiftly, ensuring they have adequate risk management strategies in place. This includes monitoring for official communications related to any ongoing incidents and implementing robust data protection measures.
As the situation evolves, Hackread.com will continue to track developments related to both Dublin Airport and Air Arabia, including any data releases and subsequent responses from the breached entities. Business owners should remain informed and vigilant, applying recommended protective measures while awaiting further details from the affected organizations and relevant authorities regarding this ongoing cybersecurity threat.