‘Dozens’ of Organizations Had Data Stolen in Oracle-Linked Hacks
Google researchers reveal that the Clop extortion gang has stolen data from "dozens of organizations" by exploiting security vulnerabilities in Oracle’s E-Business Suite. Despite earlier claims of a fix, Oracle admits hackers continue to abuse the software.
Security researchers at Google revealed on Thursday that hackers targeting corporate executives with extortion emails have successfully stolen data from "dozens of organizations." This marks one of the first signs that the Clop extortion gang's hacking campaign may be far-reaching.
According to Google, the Clop gang exploited multiple security vulnerabilities in Oracle's E-Business Suite software, which companies use to run operations like storing customer data and managing human resources files.
The Extortion Campaign's Timeline
In a blog post, Google stated that the hacking campaign targeting Oracle customers began on July 10, three months before the hacks were first detected. This suggests that the campaign had been ongoing for a significant period before it came to light.
Earlier this week, Oracle admitted that hackers were still abusing its E-Business Suite software to steal personal information about corporate executives and their companies. A few days prior, Oracle's chief security officer, Rob Duhart, had claimed that the extortion campaign was linked to previously identified vulnerabilities that Oracle had patched in July. Duhart suggested the hacks were over, but the situation has proven more complex.
Zero-Day Exploit and Clop Gang's Role
Oracle published a security advisory over the weekend, revealing that the zero-day bug (a previously unknown vulnerability exploited by hackers before a fix could be implemented) can be "exploited over a network without the need for a username and password."
The Clop ransomware gang, linked to Russia, has become notorious in recent years for conducting mass hacking campaigns. These attacks often exploit zero-day vulnerabilities to steal corporate and customer data. The gang has previously targeted managed file transfer tools like Cleo, MOVEit, and GoAnywhere, which companies use to send sensitive data over the internet.
How to Detect the Attack
In its blog post, Google shared email addresses and other technical details that network defenders can use to identify extortion emails and other signs that their Oracle systems might have been compromised.