The Everest ransomware group posted on its dark-web leak site on December 2 claiming it breached ASUS and stole more than 1 TB of internal data. Everest said the haul includes internal documents, engineering material, and other confidential files, and it demanded that ASUS contact the group via the encrypted platform Qtox. The post did not disclose a ransom amount.
The group described the stolen material as including what it calls camera source code. The article notes that camera source code in this context likely refers to firmware or low-level software used in ASUS devices with integrated cameras, such as drivers, applications related to image processing, or internal developer tools. Everest has previously focused on taking technical intellectual property and development archives before attempting encryption, a tactic the group uses to increase leverage even when victims can restore systems from backups.
ASUS initially did not confirm or deny the alleged breach. The company later issued a public statement saying the incident involved an external supplier rather than ASUS itself. According to ASUS, the compromise exposed some camera-related source code used in ASUS phones but did not affect ASUS products, internal company systems, or user privacy. ASUS said it is strengthening supply-chain security and remains compliant with cybersecurity standards. The company published a notice titled Public Statement Regarding Unauthorized Third-Party Data Access noting the supplier hack and reiterating that user privacy and product integrity were not impacted.
