Google says over 100 firms likely hit in Oracle-linked hacking campaign

Google warned that more than 100 companies may have been compromised in a massive cyberattack targeting Oracle’s E-Business Suite, a core system used by corporations to manage supply chains, customer data, and manufacturing operations.

In a statement released Thursday, Google said “mass amounts of customer data” were stolen in the attack, which may have begun three months ago. The company attributed the breach to the CL0P ransomware group, known for large-scale cyber intrusions exploiting third-party software vulnerabilities.

“This level of investment suggests the threat actor dedicated significant resources to pre-attack research,” Google’s cybersecurity division said. Analyst Austin Larsen added that while dozens of victims have been confirmed, “based on the scale of previous CL0P campaigns, it is likely there are over a hundred.”

The breach appears to have targeted Oracle’s E-Business Suite, used by corporations worldwide to manage sensitive operations including logistics, customer relations, and payments. Oracle has not publicly commented beyond acknowledging ongoing extortion attempts against some clients.

CL0P, which has previously claimed responsibility for major data thefts, told Reuters earlier this week that Oracle had “bugged up their core product.” The group is reportedly threatening to publish stolen data unless ransom demands are met.

Cyber experts say the scale of the attack could rival the MOVEit hack of 2023, underlining the growing risk of supply chain breaches that exploit trusted enterprise software systems.

Oracle Confirms Extortion Campaign Targeting Its E-Business Suite Customers

Oracle has confirmed that some users of its E-Business Suite software have received extortion emails from hackers, validating a warning first issued by Google earlier this week. In a Thursday blog post, the California-based tech giant said its internal investigation revealed potential exploitation of previously known software vulnerabilities and urged customers to upgrade their systems immediately.

The company did not specify how many clients were impacted, but Google described the campaign as “high volume”, suggesting a broad wave of attacks against enterprise users.

Cybersecurity experts have linked the operation to the ransomware group Cl0p, a notorious Russia-linked or Russian-speaking collective that operates under a ransomware-as-a-service model—leasing its malware tools to other cybercriminals for a share of the profits. In a message to Reuters, the group said “Oracle bugged up,” but declined to provide further details.

According to Halcyon’s Ransomware Research Center chief Cynthia Kaiser, recent extortion demands connected to the campaign range from millions to tens of millions of dollars, with the highest reaching $50 million.

Trend Micro, a Japanese cybersecurity firm, previously labeled Cl0p as a “trendsetter for its ever-changing tactics,” noting its rapid adaptation to new vulnerabilities and defenses.

The attacks come amid a surge in corporate cyber-extortion incidents, targeting firms with complex enterprise software systems that handle sensitive financial and operational data. Oracle’s swift public acknowledgment—unusual in such cases—signals the seriousness of the threat and the company’s attempt to reassure customers that patches and updates remain their best defense.