Google has sounded the alarm over what it describes as a large-scale cyberattack targeting Oracle’s suite of business applications. The company added that ‘likely over 100’ companies may have been compromised.
According to Reuters, Google, in a statement, said that “mass amounts of customer data” had been stolen in the breach, which may have begun as early as three months ago.
In its internal assessment, Google stated that the hackers appeared to have invested heavily in reconnaissance before launching their attacks.
“This level of investment suggests the threat actor(s) responsible for the initial intrusion likely dedicated significant resources to pre-attack research,” the company said in an email quoted by Reuters.
The tech giant added that the group suspected of carrying out the attacks, identified as CL0P, is known for previous large-scale cyber intrusions targeting third-party service providers and software vendors.
Google has sounded the alarm over what it describes as a large-scale cyberattack targeting Oracle’s suite of business applications. The company added that ‘likely over 100’ companies may have been compromised.
According to Reuters, Google, in a statement, said that “mass amounts of customer data” had been stolen in the breach, which may have begun as early as three months ago.
In its internal assessment, Google stated that the hackers appeared to have invested heavily in reconnaissance before launching their attacks.
“This level of investment suggests the threat actor(s) responsible for the initial intrusion likely dedicated significant resources to pre-attack research,” the company said in an email quoted by Reuters.
The tech giant added that the group suspected of carrying out the attacks, identified as CL0P, is known for previous large-scale cyber intrusions targeting third-party service providers and software vendors.
In a detailed blog post, Google said that Oracle first reported the breach on Oct. 2 noting that hackers may have taken advantage of vulnerabilities that were patched in July.
The company urged clients to apply the latest critical patch updates immediately. Two days later, on Oct. 4, Oracle reinforced that guidance, issuing emergency patches and reiterating the need for customers to remain up to date with all security updates.
Google’s analysis suggests that the CL0P extortion campaign followed months of sustained intrusion into Oracle E-Business Suite (EBS) customer environments.
The hackers allegedly exploited a zero-day vulnerability, possibly CVE-2025-61882, as early as Aug. 9, weeks before a security patch was made available. Evidence of suspicious activity was also traced back to July 10, according to Google’s blog post.
In many instances, the attackers were able to exfiltrate significant volumes of sensitive information from affected organisations.
In a separate statement to Reuters, Google analyst Austin Larsen said, “We are aware of dozens of victims, but we expect there are many more. Based on the scale of previous CL0P campaigns, it is likely there are over a hundred.”
Google confirmed that the hackers had specifically targeted Oracle’s E-Business Suite, a widely used platform that supports business functions such as customer management, supply chain operations, manufacturing, and logistics.
RECOMMENDED FOR YOU
Over 90% CXOs Exploring AI Solutions, But Most Still In Pilot Phase: Report
Eli Lilly Commits $1 Billion Investment In India To Scale Up Contract Manufacturing
Maruti Suzuki Shares Hit Record High After Goldman Sachs Upgrade — Check Price Target, Stock Rating And More
As Infosys Mulls Buyback, Will TCS Follow Suit?
POPULAR