Oracle Hackers Target Executives with Extortion Emails

Summary
– Hackers linked to the Clop ransomware group are sending extortion emails to executives at large organizations, claiming to have stolen sensitive data from Oracle’s E-Business Suite.
– Google’s cybercrime analysis head stated the emails began around September 29, but the tech giant has not verified the hackers’ data theft claims.
– The emails were sent from hundreds of compromised accounts and included contact addresses listed on Clop’s data leak site to pressure victims into paying.
– Clop is a prolific hacking group known for exploiting zero-day vulnerabilities to breach companies and steal data affecting tens of millions of people.
– Hackers reportedly used compromised emails and abused Oracle’s password-reset function to gain access to web portals of the E-Business Suite, which is used by thousands of organizations worldwide.
A sophisticated hacking campaign is now targeting top-level executives at major corporations with extortion emails, following claims that sensitive data was stolen from Oracle’s widely used business software products. According to Google’s cybercrime analysis team, the attackers began distributing these threatening messages around September 29, though the company has not yet verified the hackers’ assertions about the stolen information.
The emails originated from hundreds of compromised email accounts, including one linked to a financially motivated cybercrime group associated with the Clop ransomware gang. Genevieve Stark, Google’s head of cybercrime analysis, confirmed the activity but noted that the actual claims of data theft remain unsubstantiated.
Charles Carmakal, chief technology officer of Google’s Mandiant incident response unit, explained that the emails sent to executives included contact addresses listed on Clop’s data leak website. This tactic is commonly used by ransomware groups to coerce victims into paying to prevent the public release of their confidential files.
Clop has established itself as a highly active hacking collective, having breached hundreds of organizations in recent years. The group frequently exploits previously unknown security flaws, referred to as zero-day vulnerabilities, that software vendors have not yet patched. These vulnerabilities have enabled the hackers to compromise multiple organizations simultaneously, leading to the theft of personal data belonging to tens of millions of individuals.
In one reported instance, the hackers demanded a staggering $50 million from a targeted company. This information came from counter-ransomware firm Halcyon, which is actively responding to the campaign. Halcyon did not, however, respond to a request for comment from TechCrunch regarding the matter.
According to additional reports, the attackers gained access by using compromised user emails and manipulating the default password-reset feature. This allowed them to obtain valid credentials for Oracle E-Business Suite web portals, which are accessible over the internet.
Oracle E-Business Suite is a comprehensive collection of applications designed to help businesses manage critical operations, including customer databases, employee records, and human resources information. Oracle states on its official website that thousands of organizations worldwide depend on the E-Business Suite to support their daily corporate functions.
Oracle spokesperson Deborah Hellinger did not respond to a request for comment regarding the extortion campaign.
(Source: TechCrunch)