Image Credits: David Paul Morris / Bloomberg / Getty Images
10:07 AM PDT · October 6, 2025
Oracle has fixed a zero-day vulnerability in one of its flagship business software products that a hacking group is currently abusing to steal personal information about corporate executives.
In a brief post updated over the weekend, Oracle chief security officer Rob Duhart said the tech giant released a new patch to fix a vulnerability in its Oracle E-Business suite, and urged customers to install the update as soon as possible.
The security advisory said the bug, tracked officially as CVE-2025-61882, can be “exploited over a network without the need for a username and password.” The advisory provided several alleged indicators of compromise to help Oracle customers identify evidence of hackers on their systems, suggesting that hackers are currently exploiting the vulnerability to steal customers’ sensitive data.
Oracle says thousands of organizations around the world use its E-Business Suite to run their companies, including storing their customer data and their employees’ human resources files.
The bug is known as a zero-day because Oracle, in this case, was given no time to patch the bug before it was maliciously exploited.
Duhart’s updated post is an about-face from earlier this week, when a previous version of his post said Oracle was aware that some executives “have received extortion emails” linked to previously identified vulnerabilities patched in July, suggesting the extortion campaign was over. The newly identified zero-day bug suggests the hackers continued to exploit flaws in Oracle’s E-Business software that were unknown to Oracle at the time.
News of the extortion attempts targeting corporate executives first emerged last week.
On October 2, Google security researchers said they found the prolific hacking group called Clop, which has been linked to many ransomware attacks and extortion attempts in recent years, was sending emails to Oracle executives around September 29 demanding money to not publish their personal information online.
Charles Carmakal, the chief technology officer of Google’s incident response unit Mandiant, said in a post published Sunday on LinkedIn that the vulnerabilities in Oracle’s E-Business software were being used in a “mass exploitation” campaign for data theft and extortion.
Much of the exploitation happened during August, said Carmakal, after the July patches were released.
“Clop has been sending extortion emails to several victims since last Monday,” said Carmakal, but noted that the hackers haven’t reached out to all victims yet.
Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter, this week in security.
He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, at zack.whittaker@techcrunch.com.














