Hackers linked to the Clop ransomware group are sending extortion emails to executives at numerous large organizations, claiming to have stolen sensitive data from business software developed by Oracle.
Extortion Campaign Details
Google's head of cybercrime analysis, Genevieve Stark, confirmed the hackers began sending these emails around September 29. The emails were sent from hundreds of compromised accounts, including one previously used by a known cybercrime group affiliated with Clop.
Charles Carmakal, CTO of Google's Mandiant unit, noted that the malicious emails sent to executives included contact addresses listed on Clop’s data leak site. This site is where the hackers pressure victims to pay them to prevent the release of their stolen files. In one reported case, the hackers demanded $50 million from an affected company.
The victims were compromised through Oracle E-Business Suite, a software package Oracle provides to thousands of organizations worldwide to manage critical business data such as customer databases and employee and HR records.
Hacking Method
According to Bloomberg, the hackers used compromised user email accounts and abused the default password-reset function to obtain working credentials for Oracle E-Business Suite web portals that were reachable from the internet. In other words, because the reset flow trusted the user's mailbox, control of that mailbox was enough to obtain a valid portal credential.
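A check a defender would want for this pattern is "password reset completed, then a successful login from a source the account has never used". The following is an added example written for this article, not code from Oracle, Bloomberg or the group described; the log format is constructed and hypothetical, as are the sample lines, so the parser must be adapted to whatever authentication log source your portal actually exports. It builds a per-user baseline of source IPs from earlier successful logins and flags any post-reset login from outside that baseline.

```python
"""Flag password-reset-then-new-source-login sequences in portal auth logs."""
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format: timestamp event user source_ip).
# alice's reset and follow-up login come from an IP she has never used;
# bob's reset is completed from his usual IP and should not be flagged.
SAMPLE_LOG = """\
2025-09-20T08:01:10Z LOGIN_OK alice 203.0.113.10
2025-09-21T08:03:44Z LOGIN_OK alice 203.0.113.10
2025-09-22T09:15:02Z LOGIN_OK bob 198.51.100.7
2025-09-28T22:41:09Z PASSWORD_RESET_REQUEST alice 192.0.2.55
2025-09-28T22:49:31Z PASSWORD_RESET_COMPLETE alice 192.0.2.55
2025-09-28T22:52:17Z LOGIN_OK alice 192.0.2.55
2025-09-29T10:00:00Z PASSWORD_RESET_REQUEST bob 198.51.100.7
2025-09-29T10:05:00Z PASSWORD_RESET_COMPLETE bob 198.51.100.7
2025-09-29T10:06:00Z LOGIN_OK bob 198.51.100.7
"""


def parse_log(text):
    """Parse the constructed line format into sorted event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, user, ip = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event": event,
            "user": user,
            "ip": ip,
        })
    events.sort(key=lambda e: e["ts"])
    return events


def find_reset_then_new_source_logins(events,
                                      login_window=timedelta(hours=1),
                                      baseline_window=timedelta(days=30)):
    """Return findings where a user logs in from an unseen IP shortly after a reset.

    Baseline = source IPs of the user's successful logins in the baseline_window
    before the reset. An empty baseline (dormant or brand-new account) means every
    post-reset login is flagged, which is the conservative choice.
    """
    findings = []
    for i, ev in enumerate(events):
        if ev["event"] != "PASSWORD_RESET_COMPLETE":
            continue
        user = ev["user"]
        baseline = {
            e["ip"] for e in events
            if e["user"] == user and e["event"] == "LOGIN_OK"
            and ev["ts"] - baseline_window <= e["ts"] < ev["ts"]
        }
        for later in events[i + 1:]:
            if later["ts"] - ev["ts"] > login_window:
                break  # events are sorted, nothing further is inside the window
            if (later["user"] == user and later["event"] == "LOGIN_OK"
                    and later["ip"] not in baseline):
                findings.append({
                    "user": user,
                    "reset_at": ev["ts"].isoformat(),
                    "reset_ip": ev["ip"],
                    "login_at": later["ts"].isoformat(),
                    "login_ip": later["ip"],
                    "baseline_ips": sorted(baseline),
                })
    return findings


if __name__ == "__main__":
    for f in find_reset_then_new_source_logins(parse_log(SAMPLE_LOG)):
        print(f"ALERT {f['user']}: reset from {f['reset_ip']} at {f['reset_at']}, "
              f"login from unseen {f['login_ip']} (baseline {f['baseline_ips']})")
```

The rule deliberately keys on the completed reset rather than the request, since a request alone can be user error; in a real deployment the baseline should also cover the IP that initiated the reset, because in the scenario described the reset itself is performed by the attacker.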
Clop is a notorious hacking group known for breaching hundreds of companies, often by exploiting zero-day vulnerabilities (flaws unknown to the vendor, and therefore unpatched, at the time of the attack). These large-scale attacks have enabled the group to steal data concerning tens of millions of people.