Google security researchers say hackers targeting company executives with extortion emails stole data from “dozens of organizations,” one of the first signs that the hacking campaign could be large-scale.
The tech giant said in a statement shared with TechCrunch on Thursday that the Clop extortion gang exploited several security vulnerabilities in Oracle’s E-Business Suite software to steal significant amounts of data from affected organizations.
Oracle’s E-Business software helps businesses manage their operations, such as storing their customer data and employee human resources records.
Google said in a corresponding blog post that the hacking campaign targeting Oracle customers dates back to at least July 10, about three months before the hacks were first detected.
Oracle acknowledged earlier this week that the hackers behind the extortion campaign continued to abuse its software to steal personal information about company executives and their companies. Days earlier, Oracle security chief Rob Duhart claimed in the same post – since deleted – that the extortion campaign was linked to previously identified vulnerabilities that Oracle patched in July, suggesting the hacks were over.
But in a security advisory released over the weekend, Oracle said the zero-day bug — so named because Oracle didn’t have time to patch it because it was already being exploited by hackers — could be “exploited over a network without the need for a username and password.”
The Russia-linked ransomware and extortion group Clop has made a name for itself in recent years with its massive hacking campaigns, often involving the exploitation of vulnerabilities unknown to the software company at the time of their exploitation, to steal large amounts of corporate and customer data. This includes managed file transfer tools, such as Cleo Software, MOVEit, and GoAnywhere, that businesses use to send sensitive corporate data over the Internet.
Google’s blog post includes email addresses and other technical details that network defenders can use to search for extortion emails and other indications that their Oracle systems may have been compromised.
John Harbaugh agreed Saturday to become coach of the New York Giants, finalizing the longtime big-market franchise's all-out search for…
Virginia Gov. Abigail Spanberger (D) moved quickly to change direction at the state's universities in her first hours in office…
Lamar Odom faces new legal problems. The two-time NBA champion was arrested and convicted of driving under the influence on…
Polling for the Maharashtra municipal corporation elections, including that of the crucial and cash-rich Brihanmumbai Municipal Corporation (BMC), will be…
Trump appears to rule out Hassett as Fed chairman in his comments.Trump said Hassett was good on television today and…
An incredibly costly fumble by Josh Allen changed the game just before halftime today in Denver.After the Broncos scored a…