Hackers are sending extortion emails to executives after claiming Oracle apps’ data breach

Image Credits: MirageC / Getty Images

7:57 AM PDT · October 2, 2025

Google says hackers associated with a prolific ransomware group are sending extortion emails to executives at “numerous” large organizations after claiming to have stolen their sensitive information from a suite of business software products developed by Oracle.

In a statement provided to TechCrunch, Google’s head of cybercrime investigation Genevieve Stark said the hackers began sending emails to executives around September 29, but that the tech giant has not yet substantiated the hackers’ claims.

The emails were sent from hundreds of compromised accounts, including one used by a known financially motivated cybercrime group affiliated with the Clop ransomware gang.

Charles Carmakal, the chief technology officer of Google’s incident response unit Mandiant, told TechCrunch that the malicious emails sent to executives contained contact addresses that are listed on Clop’s data leak site, which the hackers use to pressure victims into paying them to remove their stolen files.

Clop is a prolific hacking group that has hacked hundreds of companies in recent years, often by exploiting previously undiscovered security flaws that are unknown to the software maker, known as zero-day vulnerabilities. These flaws have allowed the hacking group to breach multiple organizations at once, allowing the theft of data on at least tens of millions of people.

Bloomberg reported that in one case the hackers demanded $50 million from an affected company, citing the counter-ransomware firm Halcyon, which is responding to the hacking campaign but did not return a request for comment from TechCrunch.

According to Bloomberg, the hackers used compromised user emails and abused the default password-reset function to gain working credentials for Oracle E-Business Suite web portals that are accessible from the internet.

Oracle E-Business Suite is a set of products developed by tech giant Oracle to help companies manage their customer databases, employee information, and human resources files. Oracle says on its website that thousands of organizations around the world rely on its E-Business Suite to run their companies.

Oracle spokesperson Deborah Hellinger did not return a request for comment on Thursday.

Do you know more about the extortion campaign? Are you an executive who received an extortion threat? We would love to hear from you and can keep you anonymous. Securely contact this reporter via encrypted message at zackwhittaker.1337 on Signal.

Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter, this week in security.

He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, at zack.whittaker@techcrunch.com.
