Hackers are emailing executives at multiple organizations, claiming to have stolen sensitive data from Oracle E‑Business Suite and demanding ransoms, while Google notes it cannot yet verify the claims’ authenticity [techcrunch.com#4][slashdot.org#7]. Oracle says its initial investigation indicates the activity may involve vulnerabilities that were already patched in July 2025 and is urging customers to apply updates [securityweek.com#1]. Reported demands have reached as high as $50 million, and researchers are assessing possible links to the Cl0p ransomware ecosystem and FIN11 [techrepublic.com#3][securityweek.com#2][thehackernews.com#5].
Highlights:
- Targeted executives: Extortion emails were sent to executives at numerous organizations, alleging Oracle E‑Business Suite data theft [techcrunch.com#4][slashdot.org#7].
- Patch context: Oracle reports the activity may involve vulnerabilities fixed in its July 2025 updates and urges customers to patch [securityweek.com#1].
- Ransom demands: At least one demand sought up to $50 million from a victim organization [techrepublic.com#3][fudzilla.com#6].
- Attribution uncertainty: Google and Mandiant are tracking a cluster possibly tied to Cl0p, but evidence of the claimed theft is not yet verified [thehackernews.com#5][slashdot.org#7][theregister.com#8].
- Threat actor links: Security researchers noted potential ties to Cl0p and FIN11 in the extortion campaign [securityweek.com#2].
Perspectives:
- Oracle: Oracle says known E‑Business Suite vulnerabilities patched in July 2025 may have been involved and urges customers to apply the latest updates. (SecurityWeek)
- Google Threat Intelligence: Google says a group claiming affiliation with Cl0p is sending extortion emails to executives, and that Google does not currently have sufficient evidence to definitively assess the veracity of these claims. (Slashdot)
- Mandiant researchers: Mandiant is tracking the activity and, along with Google, has yet to find proof supporting the claimed data theft. (The Register)
- Security researchers (SecurityWeek): Researchers observed possible links to Cl0p and FIN11 in the extortion wave targeting Oracle E‑Business Suite customers. (SecurityWeek)
Sources:
- Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks – securityweek.com
- Oracle Extortion Case: $50M Demand From ‘Notorious’ Hacking Group – techrepublic.com
- Hackers are sending extortion emails to executives after claiming Oracle apps’ data breach – techcrunch.com
- Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware – thehackernews.com
- Oracle E-Business Suite hacked in $50 million extortion campaign – fudzilla.com
- Google Says Hackers Are Sending Extortion Emails To Executives – slashdot.org
- Clop-linked crims shake down Oracle execs with data theft claims – theregister.com