Hackers are sending extortion emails to executives after claiming Oracle apps’ data breach

Hackers linked to a notorious ransomware collective are reportedly sending extortion emails to high-ranking officials at numerous large corporations, claiming to have compromised sensitive data from Oracle's suite of business software. Genevieve Stark, head of cybercrime analysis at Google, revealed that these malicious emails began circulating around September 29. However, Google has yet to verify the hackers' assertions regarding the data breach. The emails are being dispatched from hundreds of compromised accounts, including those tied to the Clop ransomware gang, known for its financially motivated attacks. Charles Carmakal, CTO of Google's incident response team Mandiant, highlighted that these communications contained contact information associated with Clop’s data leak site, which the hackers utilize to coerce victims into paying for the return of their stolen data. Clop has gained notoriety for its extensive hacking activities over the years, often leveraging zero-day vulnerabilities—previously unknown security flaws—to infiltrate multiple organizations simultaneously. This approach has resulted in the theft of personal data belonging to millions of individuals. In a notable instance, hackers reportedly demanded a staggering $50 million from one victim, according to the counter-ransomware firm Halcyon. Investigations reveal that the hackers exploited compromised user emails and manipulated the default password-reset feature to gain access to Oracle E-Business Suite web portals, which are publicly accessible. Oracle E-Business Suite is designed to assist businesses in managing customer databases, employee records, and human resources information, with a global user base of thousands of organizations relying on its services. Despite multiple inquiries, Oracle spokesperson Deborah Hellinger did not provide a comment on the situation.