Saudi Industrial Giant Rezayat Hit by Everest Ransomware, Data Leak Threatened
The Everest ransomware cartel has claimed a breach of Rezayat Group, a multibillion-dollar Saudi industrial services provider operating across 13 countries with over 20,000 employees. Attackers allege they stole 10GB of data, including contracts, technical drawings, and employee records, though the full extent remains unverified. The gang posted samples on its dark web leak site to pressure Rezayat into paying a ransom.
Cybernews researchers analyzed the leaked snippets, which revealed sensitive documents tied to Rezayat’s clients, raising concerns about supply chain risks and reputational damage. The breach could enable further attacks if stolen data is weaponized.
Everest, active since 2021 and linked to the Russia-affiliated BlackByte group, has targeted over 100 victims in the past year, often exploiting compromised credentials and Remote Desktop Protocol (RDP) for access. The Middle East has become a high-priority target for cybercriminals, with Rezayat’s size and regional influence making it a prime mark.
Rezayat, which spans engineering, manufacturing, and logistics, has yet to respond to inquiries. The incident underscores the growing threat of ransomware cartels leveraging stolen data for extortion and follow-on attacks.
Source: https://cybernews.com/security/rezayat-group-ransomware-data-breach/
Rezayat Group cybersecurity rating report: https://www.rankiteo.com/company/rezayat-group
"id": "REZ1771223349",
"linkid": "rezayat-group",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': ['Engineering',
'Manufacturing',
'Logistics'],
'location': 'Saudi Arabia (operates across 13 '
'countries)',
'name': 'Rezayat Group',
'size': 'Multibillion-dollar, 20,000+ employees',
'type': 'Industrial Services Provider'}],
'attack_vector': 'Compromised credentials, Remote Desktop Protocol (RDP)',
'data_breach': {'data_exfiltration': 'Yes (10GB stolen)',
'personally_identifiable_information': 'Employee records',
'sensitivity_of_data': 'High (sensitive client documents)',
'type_of_data_compromised': ['Contracts',
'Technical drawings',
'Employee records']},
'impact': {'brand_reputation_impact': 'High (reputational damage, supply '
'chain risks)',
'data_compromised': '10GB of data'},
'initial_access_broker': {'entry_point': 'Compromised credentials, RDP'},
'motivation': 'Extortion, Data Theft',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Everest'},
'references': [{'source': 'Cybernews'}],
'threat_actor': 'Everest Ransomware Cartel (linked to Russia-affiliated '
'BlackByte group)',
'title': 'Saudi Industrial Giant Rezayat Hit by Everest Ransomware, Data Leak '
'Threatened',
'type': 'Ransomware'}