A ransomware group known as Everest has claimed responsibility for a cyberattack against NIMR Oil Well Maintenance, a company operating in Qatar’s oil and gas sector.
According to the threat actor, approximately 233.6 GB of data was allegedly stolen. The claimed information includes operational and engineering records, equipment certification documents, well programmes, HSE and QA/QC documentation, personnel records, financial documents, engineering drawings, technical manuals, Microsoft Outlook email archives, and email addresses.
The group also claims that the exposed information involves customers and business partners, including QatarEnergy, North Oil Company, SLB, Halliburton, Baker Hughes, NOV, and QatarEnergy LNG.
At the time of publication, these claims have not been independently verified, and no official confirmation has been issued by NIMR Oil Well Maintenance.
If confirmed, the incident would highlight the continued interest of ransomware groups in organizations supporting the energy sector. Companies in this industry often manage valuable operational, engineering, commercial, and personnel information, making them attractive targets for financially motivated cybercriminals.
The alleged incident also highlights the growing cybersecurity risks facing supply chains. A cyberattack against one organization may have implications for customers, business partners, and suppliers that rely on shared information and interconnected operations.
In addition, stolen personnel records and email archives can potentially be used in follow-on cyberattacks, including targeted phishing campaigns, employee impersonation, and attempts to compromise partner organizations.
Organizations operating in critical infrastructure sectors should continue to strengthen their cybersecurity posture by protecting sensitive operational data, maintaining secure offline backups, continuously monitoring their networks, regularly testing incident response plans, and reviewing security controls across their supply chains.
This incident, whether ultimately confirmed or not, serves as a reminder that cybersecurity is no longer solely an information technology concern. It is a business and operational risk that requires continuous attention across all sectors supporting critical infrastructure.
