Everest ransomware group has listed two separate entries on its dark web leak site, both targeting Petrobras, a Brazilian majority state-owned multinational corporation giant in the petroleum industry headquartered in Rio de Janeiro.
Petrobras and SAExploration Data
Both listings were published on November 14, 2025. The first listing points to an alleged data breach involving both Petrobras and a partner firm, SAExploration. According to the group, it managed to steal a database that contains over 176 gigabytes of seismic navigation data. More than half of that, over 90 gigabytes, is said to belong directly to Petrobras.
The files, as per the group, contain highly detailed technical information, including ship positioning, equipment configurations, hydrophone readings, and depth measurements. There are also quality control documents, metadata, and processed reports that outline survey progress and initial conclusions from field operations.
It is worth noting that seismic surveys are critical in the oil and gas industry and require major investments to plan, capture, and process. If competitors gain access to this level of detail, including the accuracy of ship movement and node placement, they could use it to replicate Petrobras’ methods, lower their own costs, or gain leverage in contract negotiations.
Petrobras’ Campos Basin Seismic Surveys
The second listing from Everest ransomware focuses on Petrobras’ Campos Basin seismic surveys, which include both 3D and 4D data sets. This batch is again said to total more than 90 gigabytes and includes similar categories of sensitive information.
From ship coordinates and source depths to shot pressures and equipment alignment, the files suggest a full sweep of field survey documentation. Screenshots of some of the stolen data have also been shared by the group, which helps support the claim.
The group has also issued a demand, stating that a representative from Petrobras must contact them through the encrypted messaging platform Tox within four days. They’ve provided a specific Tox ID and warned that if no communication is made before the deadline, further action may follow. A countdown timer was also posted alongside the message, making the deadline clear for the company to respond.
Right After The Alleged Under Armour Hack
These breaches surfaced just as Everest also claimed responsibility for hacking Under Armour, saying it exfiltrated 343 gigabytes of data including customer information, product records, and internal corporate files.
While Under Armour’s allegd breach targets a consumer-facing brand, the Petrobras incident could have deeper implications for industrial competitiveness and strategic operations within the energy sector.
Petrobras has not yet commented publicly on the claims therefore Hackread.com has reached out to the company. This article will be updated accordingly.