Particle.news
Download on the App Store
5 ARTICLES
·
54m ago

Oracle Customers Targeted by Extortion Emails Claiming E‑Business Suite Data Theft

Security teams are investigating a campaign launched via compromised third‑party accounts with unverified attribution.

The new Google logo is seen in this illustration taken May 13, 2025. REUTERS/Dado Ruvic/Illustration/File Photo
Image

Overview

  • Researchers report a surge of targeted emails to company executives claiming theft from Oracle E‑Business Suite environments.
  • Mandiant says hundreds of compromised accounts are sending the messages, and two listed contact addresses appear on Clop’s data leak site.
  • Investigators have not verified any data exfiltration or confirmed that Clop is behind the operation.
  • The emails do not name a ransom amount and instead urge recipients to make contact to begin negotiations.
  • Google Threat Intelligence Group dates the activity to on or before September 29, Oracle has not responded to requests for comment, and Mandiant notes at least one sending account was previously tied to FIN11.