‘Dozens’ of organizations had data stolen in Oracle-linked hacks

Security experts from Google have uncovered a significant data breach involving hackers who are specifically targeting corporate executives with extortion emails. This alarming revelation indicates that data from numerous organizations has been compromised. In a statement released on Thursday, Google informed TechCrunch that the Clop extortion gang has exploited various security vulnerabilities in Oracle's E-Business Suite software, resulting in the theft of critical data from the affected entities. Oracle’s E-Business Suite is essential for businesses, as it manages operations such as customer data storage and human resources files. Google highlighted in a blog post that this hacking campaign has been active since at least July 10, well before the breaches were initially detected—pointing to a potentially widespread issue. Earlier this week, Oracle acknowledged that the hackers were still leveraging its software to access personal information of corporate executives and their organizations. Notably, Oracle’s chief security officer, Rob Duhart, had previously asserted that the extortion campaign was linked to vulnerabilities that the company had patched back in July, implying that the threat had been neutralized. However, a security advisory released over the weekend contradicted this assertion, revealing a zero-day vulnerability that could be exploited remotely without requiring a username and password. This oversight has raised concerns regarding the security of Oracle systems. The Clop ransomware group, which has ties to Russia, is notorious for its extensive hacking operations, often utilizing unknown vulnerabilities to extract vast amounts of corporate and customer data. Their methods have included targeting managed file transfer tools like Cleo Software, MOVEit, and GoAnywhere, which businesses rely on for secure data transmission. In light of these developments, Google’s blog post provides email addresses and technical information to help network defenders identify potential extortion emails and detect any signs of compromise in their Oracle systems.