Particle.news
Download on the App Store
4 ARTICLES
·
3h ago

Google Says Clop Used Oracle E‑Business Suite Zero‑Day to Steal Data from Dozens, With 100+ Likely

The assessment follows GTIG and Mandiant findings detailing an ongoing zero‑day exploit chain against Oracle E‑Business Suite.

Larry Ellison, co-founder and executive chairman of Oracle Corp., speaks during the Oracle OpenWorld 2018 conference in San Francisco, California, U.S., on Monday, Oct. 22, 2018. Ellison announced a series of updates injecting more automation and intelligence into Oracle's cloud applications. Photographer: David Paul Morris/Bloomberg
Larry Ellison, the chief technology officer of Oracle

Overview

  • Google and Mandiant report that data theft began by August 9 after activity traced to at least July 10, with extortion emails to executives starting September 29.
  • Oracle issued an emergency advisory and patch on October 4 for CVE-2025-61882, and Google says EBS servers updated with that patch are likely protected against known exploit chains.
  • Researchers at watchTowr say the intruders chained at least five defects to achieve pre‑authenticated remote code execution on Oracle E‑Business Suite.
  • Internet scans by Shadowserver on October 6 identified 576 potentially vulnerable EBS instances, indicating significant exposure remains.
  • Halcyon reports ransom demands reaching up to $50 million, and while evidence points to Clop, Google notes other groups may be involved and rules out UNC6240 involvement.