Particle.news

Oracle Confirms Extortion Emails Targeting E‑Business Suite Customers

Oracle urges upgrades after finding possible use of previously identified vulnerabilities.

Overview

  • Google’s GTIG and Mandiant say a high‑volume campaign began on or before September 29, with emails sent from hundreds of compromised third‑party accounts.
  • Investigators have not substantiated claims of Oracle E‑Business Suite data theft, though contact details in the notes match addresses on Cl0p’s leak site.
  • At least one sending account has prior links to FIN11, a financially motivated group associated with ransomware and extortion operations.
  • Security firms report seven‑ and eight‑figure ransom demands, including a case at $50 million, and say attackers have shared screenshots and file trees as purported proof.
  • Some reporting cites possible credential abuse through compromised email and default password‑reset flows, and responders advise EBS customers to review logs, validate any proofs, and apply updates.