Particle.news
Download on the App Store
29 ARTICLES
·
6d ago

Oracle Confirms Extortion Emails Hitting E‑Business Suite Customers as Investigators Probe Known Flaws

Oracle points to possible use of E‑Business Suite bugs fixed in July, with no confirmed widespread data theft.

In a statement, Google said a group claiming affiliation with the ransomware gang cl0p was sending emails to executives at numerous organizations
The new Google logo is seen in this illustration taken May 13, 2025. REUTERS/Dado Ruvic/Illustration/File Photo
Oracle logo is seen in this illustration taken September 9, 2025. REUTERS/Dado Ruvic/Illustration
Oracle E-Business Suite hack

Overview

  • Oracle says some E‑Business Suite customers received extortion emails and its probe indicates potential exploitation of vulnerabilities addressed in the July 2025 Critical Patch Update.
  • Mandiant and Google GTIG report a high‑volume campaign sent from hundreds of compromised third‑party accounts, with at least one previously tied to FIN11 activity.
  • Contact addresses in the emails match those listed on Cl0p’s data leak site, but investigators say attribution and the scope of any data theft remain unverified.
  • Incident responders cited by outlets report seven‑ and eight‑figure demands, including a case at $50 million, and alleged screenshots or file trees that have not been independently validated.
  • Some reporting suggests attackers may have abused compromised user emails and default password‑reset flows to obtain EBS credentials, and organizations are urged to apply July patches, audit access, and review logs.