High-Volume Extortion Campaign Targets Oracle E-Business Suite Users
A high-volume extortion campaign targeting executives and IT departments has been uncovered, with hackers exploiting vulnerabilities in Oracle's E-Business Suite software. The campaign, which began on or before 29 September, has raised concerns about data security and prompted investigations.
The US government first warned about vulnerabilities in Oracle software in 2018, with severe flaws found in the E-Business Suite in 2019. These flaws have now been exploited by hackers, who are likely connected to the notorious Cl0p ransomware group. The group is known for conducting high-volume email campaigns using compromised email accounts.
The extortion emails claim a breach involving Oracle's E-Business Suite and were sent to both executives and IT departments. The emails contain contact information also listed on the Clop data leak site, suggesting a potential connection to the FIN11 group, which is affiliated with Cl0p. However, it remains unclear how the hackers obtained access, with no specific malware identified yet. Companies receiving extortion emails are advised to investigate their systems for signs of access.
Oracle E-Business Suite manages various data types, including financial data, human resources, supply chains, and customer relationships. The attackers, potentially from FIN11, are known for targeting banks and utilities, and were behind the MOVEit File Transfer supply chain attack. Google has warned about the high-volume extortion campaign, but has not yet substantiated the actor's data breach claims.
The ongoing extortion campaign highlights the importance of robust cybersecurity measures, particularly for companies using Oracle's E-Business Suite. While investigations continue, companies should remain vigilant and take necessary steps to protect their data.
