Data Breach Alert: Hackers Target Oracle E-Business Suite For Extortion, Warns Google

Google has alerted companies after hackers claimed to steal sensitive data from Oracle applications and sent extortion emails demanding large ransoms.

Google flags extortion campaign targeting Oracle E-Business Suite. (Source: rawpixel.com/Freepik)

Alphabet Inc.’s Google has issued a warning after hackers reportedly targeted Oracle business applications to steal sensitive data and send extortion emails to executives at multiple companies, Reuters reported.

In a statement, Google said a group claiming affiliation with the ransomware gang Cl0p alleged that it had stolen data from Oracle E-Business Suite. The company described the email campaign as high volume but declined to provide further specifics. According to Reuters, Google added that it “does not currently have sufficient evidence to definitively assess the veracity of these claims.”

Oracle’s E-Business Suite powers critical operations, including financial management, supply chain functions and customer relationship management, Bloomberg reported. In one case, the attackers demanded a ransom of up to $50 million, according to cybersecurity firm Halcyon, cited by Bloomberg.

“We have seen Cl0p demand huge seven- and eight-figure ransoms in the last few days,” Bloomberg quoted Cynthia Kaiser, vice president at Halcyon’s ransomware research centre, as saying.

Cl0p said in an email that the hackers were not ready to talk about specifics just yet, according to Reuters. Bloomberg stated that emails sent from hundreds of hacked third-party accounts were used to launch the campaign around Sept. 29. The extortion emails were written in poor English and grammar, and a person close to the campaign told Bloomberg on condition of anonymity that they are typical of the group.

According to the Bloomberg report, Halcyon said that the hackers obtained authentic credentials by gaining access to user emails and then using the default password-reset option on Oracle E-Business Suite websites.

Cl0p has a history of attacking large companies with sophisticated software, locking down their files and then requesting payment to unlock them. Bloomberg said that the group claimed to have exploited vulnerabilities in the file-transfer application MOVEit to steal data from many companies in 2023. Earlier victims included Shell Plc, British Airways and BBC.

The US Cybersecurity and Infrastructure Security Agency referred to Cl0p as one of the largest phishing and malspam distributors worldwide in June 2023. The agency said that 8,000 organisations worldwide and more than 3,000 enterprises in the US have been impacted, reported Bloomberg.
