Everest ransomware group has listed two separate entries on its darkish net leak web site, each focusing on Petrobras, a Brazilian majority state-owned multinational company big within the petroleum business headquartered in Rio de Janeiro.
Petrobras and SAExploration Knowledge
Each listings had been printed on November 14, 2025. The primary itemizing factors to an alleged information breach involving each Petrobras and a companion agency, SAExploration. In accordance with the group, it managed to steal a database that accommodates over 176 gigabytes of seismic navigation information. Greater than half of that, over 90 gigabytes, is alleged to belong on to Petrobras.
The information, as per the group, comprise extremely detailed technical data, together with ship positioning, gear configurations, hydrophone readings, and depth measurements. There are additionally high quality management paperwork, metadata, and processed studies that define survey progress and preliminary conclusions from subject operations.
It’s value noting that seismic surveys are important within the oil and fuel business and require main investments to plan, seize, and course of. If rivals acquire entry to this degree of element, together with the accuracy of ship motion and node placement, they might use it to copy Petrobras’ strategies, decrease their very own prices, or acquire leverage in contract negotiations.
Petrobras’ Campos Basin Seismic Surveys
The second itemizing from Everest ransomware focuses on Petrobras’ Campos Basin seismic surveys, which embody each 3D and 4D information units. This batch is once more stated to whole greater than 90 gigabytes and contains related classes of delicate data.
From ship coordinates and supply depths to shot pressures and gear alignment, the information counsel a full sweep of subject survey documentation. Screenshots of among the stolen information have additionally been shared by the group, which helps assist the declare.
The group has additionally issued a requirement, stating {that a} consultant from Petrobras should contact them via the encrypted messaging platform Tox inside 4 days. They’ve offered a particular Tox ID and warned that if no communication is made earlier than the deadline, additional motion might observe. A countdown timer was additionally posted alongside the message, making the deadline clear for the corporate to reply.
Proper After The Alleged Below Armour Hack
These breaches surfaced simply as Everest additionally claimed duty for hacking Below Armour, saying it exfiltrated 343 gigabytes of information, together with buyer data, product data, and inside company information.
Whereas Below Armour’s alleged breach targets a consumer-facing model, the Petrobras incident might have deeper implications for industrial competitiveness and strategic operations throughout the vitality sector.
Petrobras has not but commented publicly on the claims; due to this fact, Hackread.com has reached out to the corporate. This text shall be up to date accordingly.
