Google Mandiant and the Google Threat Intelligence Group are tracking a suspected extortion campaign by the Cl0p ransomware group targeting executives with claims of stealing Oracle E-Business Suite data.
The hackers have demanded ransoms reaching up to $50 million, with cybersecurity firm Halcyon reporting multiple seven- and eight-figure ransom demands in recent days. The group claims to have breached Oracle’s E-Business Suite, which manages core operations including financial, supply chain, and customer relationship management functions.
Modus operandi
The attackers reportedly hacked user emails and exploited Oracle E-Business Suite’s default password reset functionality to steal valid credentials. This technique bypassed single sign-on protections because local Oracle accounts lacked multi-factor authentication. At least one company has confirmed that data from its Oracle systems was stolen, according to sources familiar with the matter. The hackers provided proof of compromise to victims, including screenshots and file trees.