Everest Group Data Breach Hits McDonald’s India and ASRock Rack & Others

The Everest Group extortion group, a known cybercriminal entity specializing in data exfiltration and access brokering, claims to have breached several organizations across the globe. The group has updated its leak site with a diverse list of victims, ranging from multinational food chains to specialized engineering and technology firms.

The latest list of alleged victims posted by the group includes:

• McDonald’s India (🇮🇳): A major fast-food restaurant chain operating across the Indian subcontinent.

• GIBSIN Engineers (🇹🇼): A Taiwanese engineering firm specializing in the design and construction of power and industrial facilities.

• ASRock Rack (🇹🇼): A global manufacturer of specialized server hardware, motherboards, and high-performance computing (HPC) solutions.

• Reeves Information Technology (🇺🇸): A Pennsylvania-based provider of managed IT services and network support for businesses.

• WANCHI STEEL INDUSTRIAL (🇹🇼): A leading Taiwanese manufacturer of heavy-duty steel pipes and equipment for energy and petrochemical industries.

• GC Accounting (🇬🇧): A United Kingdom-based firm providing professional accounting, auditing, and financial advisory services.

According to the actor, the volume of exfiltrated data exceeds 1.5 TB in total. The allegedly compromised data includes highly sensitive intellectual property, internal configurations, and personal information.

McDonald’s India

The allegedly compromised data includes:

• Customer personal data

• Internal company documents

• Client information and records

GIBSIN Engineers

The allegedly compromised data includes:

• Engineering and design documentation (Master plans, layouts)

• Process diagrams and P&ID (Piping and Instrumentation Diagrams)

• Electrical documentation for 500 kV GIS areas

• Piping system diagrams and isometric drawings

• Calculation spreadsheets and bills of materials (BOM)

ASRock Rack

The allegedly compromised data includes:

• Firmware and BIOS files for server models

• Diagnostic utilities and installation packages

• Operating system and software images (CentOS, Ubuntu)

• BMC (Baseboard Management Controller) firmware

• Hardware drivers and third-party utilities

Reeves Information Technology

The allegedly compromised data includes:

• Internal company documents

• Client personal documents

• Client sensitive information

WANCHI STEEL INDUSTRIAL

The allegedly compromised data includes:

• Engineering drawings of piping and technological systems

• Specifications and bills of materials

• Documentation for steam circuits and water treatment systems

• Installation and operational notes

GC Accounting

The allegedly compromised data includes:

• 34 GB of internal database files

• Over 62,000 files including accounting records

• Financial and administrative folders