Particle.news

Cl0p-Branded Extortion Emails Claim Oracle E‑Business Suite Data Theft, Investigations Ongoing

Investigators report Cl0p-branded extortion emails sent from compromised third-party accounts, with no evidence so far that any Oracle E‑Business Suite data was actually stolen.

Overview

  • Google Threat Intelligence Group and Mandiant say a high-volume campaign began on or before September 29, targeting executives via hundreds of compromised third-party accounts.
  • Two contact addresses in the emails match entries on Cl0p’s data leak site, and at least one sending account was previously linked to FIN11, though attribution remains unconfirmed.
  • Researchers have not validated any data exfiltration or identified a specific malware family, and Oracle has not responded to requests for comment.
  • The messages generally ask targets to initiate contact rather than stating a demand, while separate reports cite seven- and eight-figure asks and shared screenshots that have not been independently verified.
  • Unconfirmed reporting suggests attackers may have used compromised user emails and abused a default password-reset flow to obtain Oracle E‑Business Suite portal credentials.
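As an added example (not code from Particle.news or from the researchers it cites), the triage check a mail-security team would run on one of these messages: pull the From:, Reply-To: and in-body addresses and compare them with a watchlist of contact addresses seen on a leak site, which is the comparison behind the second bullet above. The watchlist, the domains and the sample message are constructed placeholders; the addresses reported in the campaign are deliberately not reproduced. The check also records whether the body states a figure, since the messages are reported to ask for contact rather than name a demand.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed watchlist of leak-site contact addresses (hypothetical values).
LEAK_SITE_CONTACTS = {
    "contact@leaksite.example",
    "support@leaksite.example",
}

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Rough test for an explicit monetary demand such as "$5,000,000" or "40 BTC".
DEMAND_RE = re.compile(r"(\$|USD|BTC)\s?\d|\d[\d,.]*\s?(USD|BTC|dollars)", re.I)


def message_text(msg):
    """Concatenate the text/plain parts of a single-part or multipart message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw, watchlist=LEAK_SITE_CONTACTS):
    """Compare a raw RFC 5322 message against the leak-site contact watchlist."""
    msg = message_from_string(raw)
    watch = {w.lower() for w in watchlist}
    senders = {a.lower() for _, a in getaddresses(msg.get_all("From", [])) if a}
    reply_to = {a.lower() for _, a in getaddresses(msg.get_all("Reply-To", [])) if a}
    body = message_text(msg)
    in_body = {a.lower() for a in ADDR_RE.findall(body)}
    contact_hits = (reply_to | in_body) & watch
    return {
        "contact_hits": sorted(contact_hits),
        # The campaign sent from compromised third-party accounts, so the
        # From: address is rarely the indicator; Reply-To and body addresses are.
        "sender_on_watchlist": bool(senders & watch),
        "demand_stated": bool(DEMAND_RE.search(body)),
        "likely_branded_extortion": bool(contact_hits),
    }


# Constructed sample message: a compromised partner mailbox as sender, with the
# watchlisted addresses in Reply-To and in the body, and no stated figure.
SAMPLE = """From: Jane Doe <jane.doe@partner.example>
To: ceo@victim.example
Subject: Your data
Reply-To: contact@leaksite.example
Content-Type: text/plain; charset=utf-8

We have taken documents from your Oracle E-Business Suite.
Write to contact@leaksite.example or support@leaksite.example to discuss.
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A hit on the Reply-To or body addresses is the useful signal here; a sender that matches the watchlist would be unusual for this campaign, and a missing figure is consistent with the reported pattern rather than a sign the message is benign.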