Everest ransomware gang claims breach of ASUS, company says a third party supplier was hacked

The Everest ransomware group claim that they have breached ASUS, the Taiwan-based technology company, in a December 2, 2025 post on their dark web leak site. 

According to the ransomware group's claims, the stolen data includes more than one terabyte of sensitive information, allegedly including:

• Camera source code (proprietary firmware or software used in ASUS devices with built-in cameras)
• Internal documentation and databases
• Potentially low-level control code for camera modules and internal drivers

The number of affected individuals is not known. ASUS has not released any official statement about these claims. 

The Everest group issued a 21-hour deadline for ASUS to establish contact via Qtox, an encrypted messaging platform, with the data reportedly set to be published on approximately December 4, 2025.

Update - ASUS issued a public statement saying that an external supplier, not ASUS, was compromised. Per the statement, the incident exposed some camera-related source code used in ASUS phones, but did not impact ASUS products, internal systems, or customer data. The company says it is strengthening supply-chain security and remains compliant with cybersecurity standards. The supplier is not named.

As of 31st December 2025, the Everest ransomware group leaked 1TB of stolen ASUS data online. compromising sensitive files including AI models, memory dumps, and calibration data. The leaked dataset is now circulating on Russian-language cybercrime forums and contains files from ASUS as well as third parties like ArcSoft and Qualcomm.