Particle.news
Download on the App Store
17 ARTICLES
·
2h ago

Extortion Emails Claim Oracle E‑Business Suite Data Theft as Probes Flag Cl0p-Linked Contacts

Researchers describe a high‑volume campaign from hundreds of compromised accounts pressuring executives, with no verified breaches and the attackers’ identity still unconfirmed.

In a statement, Google said a group claiming affiliation with the ransomware gang cl0p was sending emails to executives at numerous organizations
The new Google logo is seen in this illustration taken May 13, 2025. REUTERS/Dado Ruvic/Illustration/File Photo
Oracle logo is seen in this illustration taken September 9, 2025. REUTERS/Dado Ruvic/Illustration
Oracle E-Business Suite hack

Overview

  • Mandiant and Google Threat Intelligence Group say the emails started on or before September 29 and were sent to executives from hundreds of compromised third‑party accounts.
  • Investigators verified that contact addresses in the notes match entries on Cl0p’s data leak site, and at least one sender account is associated with FIN11 activity.
  • GTIG and Mandiant report no corroborated evidence that Oracle E‑Business Suite environments were breached, and Oracle has not commented.
  • Halcyon, cited by Bloomberg, reported seven‑ and eight‑figure ransom demands, including one up to $50 million, and shared screenshots and file trees; these specifics remain unverified by investigators.
  • A sample email published by CyberScoop shows broken English, an offer to display any three files as “proof,” and tight deadlines, and responders advise organizations to review EBS access logs and mobilize incident response.