Mitsubishi Chemical Hit by Everest Ransomware, 6TB Data Stolen

Incident Date: August 31, 2024

Overview

Victim: Mitsubishi Chemical Group
Attacker: Everest
Location: Lenzburg, Switzerland
First Reported: August 31, 2024

Everest Ransomware Group Targets Mitsubishi Chemical Group in Major Cyber Attack

Mitsubishi Chemical Group (MCG), a leading global specialty materials provider headquartered in Tokyo, Japan, has recently fallen victim to a significant ransomware attack orchestrated by the Everest Ransomware Group. The cybercriminals claim to have exfiltrated 6TB of sensitive organizational data, posing substantial risks to the company's operations and data security.

About Mitsubishi Chemical Group

MCG is a major player in the chemical manufacturing industry, known for its innovative solutions that address various industrial and societal challenges. The company operates across multiple sectors, including chemicals, plastics, and advanced materials. MCG is committed to sustainability, focusing on the development of eco-friendly products and processes. With a workforce of over 66,000 employees and a global presence, MCG reported consolidated sales revenue of approximately $29.2 billion USD for the fiscal year 2023.

Attack Overview

The Everest Ransomware Group has claimed responsibility for the attack on MCG, stating that they have infiltrated the company's systems and exfiltrated 6TB of data. This breach underscores the growing threat of ransomware attacks on major industrial entities. The attackers have listed MCG on their dark web leak site, indicating the potential for sensitive data to be publicly disclosed if ransom demands are not met.

About Everest Ransomware Group

The Everest Ransomware Group is a notorious cybercriminal organization active since at least December 2020. Initially focused on data exfiltration, the group has evolved into a ransomware operator. Everest is known for targeting high-profile victims across various industries, including capital goods, healthcare, and the public sector. The group employs sophisticated tactics, such as using compromised legitimate user accounts and Remote Desktop Protocol (RDP) for lateral movement within targeted networks.

Penetration and Vulnerabilities

While the exact method of penetration in the MCG attack remains unclear, Everest typically exploits vulnerabilities in network security, such as weak RDP configurations and compromised user credentials. The group's ability to act as an Initial Access Broker (IAB) further complicates defense efforts, as they can sell backdoors into compromised organizations to other cybercriminals. This multifaceted approach makes Everest a formidable adversary in the cybersecurity landscape.

Implications for Mitsubishi Chemical Group

The ransomware attack on MCG highlights the vulnerabilities that even large, well-established companies face in the digital age. The potential exposure of 6TB of data could have far-reaching consequences for MCG's operations, reputation, and financial stability. This incident serves as a stark reminder of the critical importance of cybersecurity measures in protecting against sophisticated cyber threats.
