ASRock Rack, ASRock’s enterprise-grade server storage and cloud hardware brand, was listed on the dark web leak site of the Everest ransomware gang overnight.
The threat group claimed to have stolen a 509-gigabyte database, including “electronic documents and files” containing “confidential” data and technical documentation relating to firmware, software, BIOS, diagnostic and installation tools, operating systems, baseboard management controller firmware, drivers, utilities and more.
“There are electronic documents and files at disposal containing important information related to confidential technical documentation and software,” the group said.
Everest said that leaking the allegedly stolen data could lead to a number of major consequences, most notably creating further security vulnerabilities that hackers could exploit to compromise systems and devices.
“Unauthorized access to these files could allow attackers to exploit vulnerabilities in hardware and software systems, leading to their compromise,” it said.
According to Christiaan Beek, senior director of threat intelligence and analytics at Rapid7, the risk of new vulnerabilities is very real and could potentially indicate state-aligned involvement.
“If attackers truly obtained firmware and BIOS-related material, the risk goes beyond the victim organisation and into supply-chain trust. Firmware sits below the operating system, so weaknesses in update mechanisms, boot trust, or diagnostic tooling can be harder to spot and can survive traditional rebuild-and-reimage recovery,” he said.
“We can’t verify criminal claims without confirmation from the vendor, but we also can’t rule out the possibility of follow-on activity, including accelerated vulnerability research and the repackaging of ‘authentic-looking’ drivers or images for malicious distribution.
“While these groups portray incidents as simple extortion, the timing and strategic value of some targets means we shouldn’t exclude the possibility of direction or encouragement from state-aligned interests in certain cases.”
However, Everest also said that leaking the data could lead to reputational damage, an impact on clients and partners that could erode trust or create legal consequences, and a loss of intellectual property that could strengthen competitors and harm business outcomes.
The threat actor also posted a data sample on the listing, which contained a number of screenshots of file trees. While it is unclear what the files contain, keywords such as “data centre” and “diag” suggest that they line up with what Everest is claiming to have stolen.
Everest said it will publish the data in just under nine days at the time of writing, but did not disclose a ransom amount publicly.
The ASRock Rack incident comes just weeks after Everest hacked a supplier for PC hardware giant ASUS, a claim the company confirmed.
“An ASUS supplier was hacked,” ASUS said in a statement.
“This affected some of the camera source code for ASUS phones. This incident has not impacted ASUS products, internal company systems, or user privacy. ASUS continues to strengthen supply chain security in compliance with cyber security standards.”
The statement follows a 2 December post on Everest’s leak site, which claimed that the hackers had compromised “camera source code” alongside a one-terabyte database. Since then, however, Everest has released more details of the allegedly stolen data.
“The files include data from ASUS, ArcSoft, Qualcomm,” Everest said.
Daniel Croft