Multiple Organizations Impacted by Oracle-Linked Data Breaches

Google security specialists have revealed that hackers targeting corporate executives with extortion emails have compromised data from “dozens of organizations,” which indicates that the hacking campaign could be widespread.

On Thursday, the tech giant informed TechCrunch that the Clop extortion group exploited multiple security vulnerabilities in Oracle’s E-Business Suite software, allowing them to access significant amounts of data from the affected organizations.

Oracle’s E-Business software plays a crucial role for companies in managing operations, including the storage of customer data and human resources documentation.

As reported by Google, the hacking campaign targeting Oracle clients has been operational since at least July 10, three months before the hacks were first detected.

Earlier this week, Oracle admitted that the hackers linked to the extortion campaign continue to exploit its software to obtain personal data from corporate executives and their companies. Just days earlier, Oracle’s chief security officer, Rob Duhart, had stated in a now-deleted post that the extortion campaign was related to previously identified vulnerabilities that Oracle had mitigated in July, suggesting that the issues had been resolved.

However, in a security advisory issued over the weekend, Oracle noted that a zero-day vulnerability (so called because hackers were exploiting it before Oracle could issue a fix) could be “exploited over a network without the need for a username and password.”

The Clop ransomware and extortion group, linked to Russia, has become well-known in recent years for its extensive hacking operations, often taking advantage of vulnerabilities unknown to the software vendor at the time of exploitation to steal large quantities of corporate and customer data. Affected products have included managed file transfer tools such as Cleo, MOVEit, and GoAnywhere, which businesses use to transmit sensitive information over the internet.

Google’s blog post includes email addresses and other technical details that network defenders can use to recognize extortion emails and evaluate whether their Oracle systems may have been compromised.