ASUS Responds to Security Incident

Technology giant ASUS has officially confirmed a security incident that originated from a third-party vendor. The confirmation came after the Everest ransomware group claimed to have breached the company’s network and leaked corporate data. In its statement, ASUS clarified that the incident did not impact its customer services or business operations. The company has since terminated its partnership with the compromised vendor and has reported the matter to law enforcement authorities. An investigation into the full extent of the breach is currently underway.

Everest Ransomware Group’s Claims

The Everest ransomware group, also known as Everbe 2.0, posted a notice on its data leak site announcing the breach. The group stated, “We announce that we have hacked Asus. We have a lot of corporate data.” According to the gang’s post, the exfiltrated data includes confidential documents, contracts, court cases, company private keys, and user information. In addition to leaking data, the Everest group is also offering to sell access to ASUS’s network. The threat actors further claimed to have compromised ASUS partners, specifically naming ArcSoft and Qualcomm in their announcement.

Source: https://securityaffairs.com/185310/data-breach/asus-confirms-vendor-breach-as-everest-gang-leaks-data-claims-arcsoft-and-qualcomm.html