Everest hacking group claims to have breached Mediclinic Group, a diversified international private healthcare services group, established in South Africa.
In a post on the dark web on 26th May 2025, the threat group shared they’ve exfiltrated the personal data of 1,000 employees alongside four(4) Gigabytes of internal company data, including sensitive information, possibly putting the company at risk.
The gang has given the company a five-day space to contact them and reach an agreement before releasing the stolen data. Should Mediclinic Group dare leave a blind eye, the threat group won’t hesitate leaking the company’s record.
It’s the modus operandi of ransomware gangs. They do that to instill fear in victims which eventually drives immediate action.
About Everest Ransomware Group
The Everest ransomware group has been in existence at least since December 2020. In the early stages of its operations, the threat group was known for data extortion and ransomware operations, now channelling its focus into becoming an Initial Access Broker (IAB) – where they sell compromised login access to other threat actors.
High-profile attacks orchestrated by the hacker group include an attack on the National Aeronautics and Space Administration (NASA) and the Brazilian government. Both incidents involved some form of data exfiltration, stealing over three (3) terabytes of data in the attack against the Brazilian government.
A recent high-profile incident involved Coca-Cola, claiming responsibility for exfiltrating approximately 23 million records affecting mainly customers of the Middle East.
The alleged breach of Mediclinic Group, if confirmed, can cause massive damages for the company, considering how wild the South African Regulator has been lately.
Also read: Netstar Suffers Ransomware Attack, Hackers Demand $1.2M
About Author
