Everest Ransomware Group Hits Italian Tech Firm Diogenet S.r.l., Leaks 115GB Data

Incident Date:

June 13, 2024


Overview

Victim

Diogenet S.r.l.

Attacker

Everest

Location

Camposampiero, Italy


First Reported

June 13, 2024

Everest Ransomware Group Targets Diogenet S.r.l. in Major Cyber Attack

Company Profile: Diogenet S.r.l.

Diogenet S.r.l., an Italian technology company founded in 2000 and headquartered in Milan, specializes in providing advanced technological solutions and services in information technology, telecommunications, and data management. The company, which reported a revenue of €12.8 million in the most recent fiscal year, employs 42 full-time professionals. Diogenet is known for its expertise in developing custom telecommunications software and integrating cutting-edge technologies into its service offerings.

Attack Overview

The Everest ransomware group has claimed responsibility for a significant cyber attack on Diogenet S.r.l., leaking approximately 115 GB of data. The attack was announced on Everest's dark web leak site, although specific details about the types of data compromised have not been disclosed. The breach points to weaknesses in Diogenet's defenses, despite the company's focus on implementing robust protective measures.

Everest Ransomware Group Profile

Active since December 2020, the Everest ransomware group is notorious for its involvement in ransomware attacks, data exfiltration, and initial access brokering. The group has targeted nearly 100 organizations across various industries, including high-profile victims like AT&T and several South American government organizations. Everest relies on compromised user accounts and Remote Desktop Protocol (RDP) for lateral movement, and encrypts files using the AES and DES algorithms.

Penetration Tactics

Everest's penetration into Diogenet's systems likely involved exploiting vulnerabilities in network security, possibly through compromised user accounts or RDP. The group's increasing activity as an Initial Access Broker (IAB) suggests a sophisticated approach to gaining and selling access to compromised networks. This attack underscores the importance of continuously monitoring and updating cybersecurity measures to defend against evolving threats.
