Everest Ransomware Gang Claims Breach of Atlas Air and Tsunami Tsolutions in Suspected Aerospace Supply Chain Attack
The Everest ransomware cartel, a Russia-linked cybercrime group active since July 2021, has claimed responsibility for breaching two key players in the American aerospace industry: cargo airline Atlas Air and aerospace supplier Tsunami Tsolutions. The attacks, posted days apart on a dark web forum, suggest a coordinated supply chain campaign targeting sensitive technical and operational data.
According to the attackers, the breach of Atlas Air, one of the world’s largest cargo airlines, operating Boeing 747s and generating $4.5 billion in revenue, resulted in the theft of 1.2 terabytes of data. The stolen files reportedly include aircraft maintenance documents, repair reports, parts catalogues, and internal operational records, with a focus on Boeing models. Screenshots shared by Everest also referenced United Airlines and Malaysia Airlines, though the latter’s connection to Atlas Air remains unclear.
Days later, Everest claimed a second breach, this time targeting Tsunami Tsolutions, a company specializing in aerospace engineering support and custom components. The attackers alleged the theft of Boeing-related confidential data, though no samples were provided, only screenshots of the purported stolen files. Cybernews researchers noted that the similarities in the exposed data, including maintenance records and technical documents, point to a potential single attack vector compromising both companies.
The implications of the breaches extend beyond immediate operational disruptions. Stolen maintenance reports could lead to safety concerns or delays if tampered with, while leaked intellectual property, developed over years and billions in investment, risks competitive exploitation. The aerospace sector’s interconnected supply chain, linking Boeing (aircraft supplier), Atlas Air (operator), and Tsunami Tsolutions (component provider), amplifies the potential fallout.
Atlas Air has denied any system penetration, though it did not address the dark web evidence. Tsunami Tsolutions has not publicly responded. Everest, known for high-profile attacks on Iron Mountain, ASUS, Nissan, and McDonald’s India, typically withholds data samples to pressure victims into paying ransoms. The group’s tactics, including naming major clients to escalate leverage, align with its history of aggressive extortion.
As of February 12, the full scope of the attack remains under investigation, with no confirmation on whether the breaches stemmed from a single vulnerability or separate intrusions. The incident underscores the growing threat of ransomware cartels targeting critical supply chains, where a single compromise can ripple across multiple industries.
Source: https://cybernews.com/security/atlas-air-ransomware-breach-boeing-data/
Atlas Air cybersecurity rating report: https://www.rankiteo.com/company/atlas-air
Tsunami Tsolutions cybersecurity rating report: https://www.rankiteo.com/company/tsunami-tsolutions-llc.
"id": "ATLTSU1770921536",
"linkid": "atlas-air, tsunami-tsolutions-llc.",
"type": "Ransomware",
"date": "2/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"