“Dozens” of organizations had data stolen in Oracle-related hacks

Google security researchers say hackers targeting company executives with extortion emails stole data from “dozens of organizations,” one of the first signs that the hacking campaign could be large-scale.

The tech giant said in a statement shared with TechCrunch on Thursday that the Clop extortion gang exploited several security vulnerabilities in Oracle’s E-Business Suite software to steal significant amounts of data from affected organizations.

Oracle’s E-Business software helps businesses manage their operations, such as storing their customer data and employee human resources records.

Google said in a corresponding blog post that the hacking campaign targeting Oracle customers dates back to at least July 10, about three months before the hacks were first detected.

Oracle acknowledged earlier this week that the hackers behind the extortion campaign continued to abuse its software to steal personal information about company executives and their companies. Days earlier, Oracle security chief Rob Duhart claimed in the same post – since deleted – that the extortion campaign was linked to previously identified vulnerabilities that Oracle patched in July, suggesting the hacks were over.

But in a security advisory released over the weekend, Oracle said the zero-day bug (so named because Oracle had no time to patch it, as it was already being exploited by hackers) could be “exploited over a network without the need for a username and password.”

The Russia-linked ransomware and extortion group Clop has made a name for itself in recent years with its massive hacking campaigns, often involving the exploitation of vulnerabilities unknown to the software company at the time of their exploitation, to steal large amounts of corporate and customer data. Its targets have included managed file transfer tools, such as Cleo Software, MOVEit, and GoAnywhere, that businesses use to send sensitive corporate data over the Internet.

Google’s blog post includes email addresses and other technical details that network defenders can use to search for extortion emails and other indications that their Oracle systems may have been compromised.

James Walker
