Google has issued a warning that executives and IT teams at major organizations are being targeted by extortion attempts after hackers reportedly stole sensitive data from Oracle’s widely used E-Business Suite, according to Reuters. The attacks, linked to the Cl0p ransomware group, began in late September and involve ransom demands reaching up to $50 million, cybersecurity firms say.
Cl0p’s New Campaign
Hackers claim to have breached Oracle’s E-Business Suite, software that supports key corporate operations including finance, supply chain management, and customer relations. At least one affected company has confirmed a breach, while several others have received proof of access in the form of screenshots and file listings. Halcyon, a cybersecurity firm assisting with the response, reported that the ransom demands have reached seven- and eight-figure amounts.
How the Attacks Are Carried Out
Google’s Threat Intelligence Group noted that the extortion emails began circulating on or before September 29, sent through hundreds of hijacked third-party accounts. The attackers claimed to have exfiltrated corporate data and used email addresses previously tied to Cl0p affiliates. According to Halcyon, the hackers may have gained access by exploiting Oracle’s default password-reset process on internet-facing portals, although some experts suggest a software vulnerability could have been involved.
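The suspected entry point above, abuse of a password-reset flow on an internet-facing portal, is the kind of activity a defender can watch for in ordinary web-server logs. The script below is an added example and is not code from the article, from Oracle, Google, or Halcyon: it parses combined-format access logs and flags source addresses that send a burst of password-reset POSTs. The log lines are constructed sample data, and the `/reset-password` path is a hypothetical placeholder, not Oracle's real endpoint.

```python
"""Flag bursts of password-reset requests against an internet-facing portal.

Added detection example, not taken from the article or from any vendor.
Assumptions (all hypothetical): the portal logs in Apache/nginx combined
format, and password-reset attempts appear as POSTs to a path that starts
with "/reset-password". The log lines below are constructed sample data.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic). One source hammers the
# reset endpoint, one behaves normally, one probes slowly.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Sep/2025:08:00:01 +0000] "POST /reset-password HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Sep/2025:08:00:03 +0000] "POST /reset-password HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Sep/2025:08:00:04 +0000] "POST /reset-password HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Sep/2025:08:00:06 +0000] "POST /reset-password HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Sep/2025:08:00:09 +0000] "POST /reset-password HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Sep/2025:08:01:10 +0000] "GET /login HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Sep/2025:08:01:30 +0000] "POST /reset-password HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.9 - - [29/Sep/2025:09:15:00 +0000] "POST /reset-password HTTP/1.1" 200 512 "-" "curl/8.0"
192.0.2.9 - - [29/Sep/2025:09:45:00 +0000] "POST /reset-password HTTP/1.1" 200 512 "-" "curl/8.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
RESET_PATH = "/reset-password"  # hypothetical path, not the product's actual endpoint


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def reset_requests(lines):
    """Keep only POSTs to the reset path, sorted by timestamp."""
    recs = (parse_line(ln) for ln in lines)
    hits = [r for r in recs
            if r and r["method"] == "POST" and r["path"].startswith(RESET_PATH)]
    return sorted(hits, key=lambda r: r["ts"])


def find_bursts(lines, threshold=3, window=timedelta(minutes=1)):
    """Return {ip: peak_count} for sources sending >= threshold reset POSTs
    inside any sliding window of the given length."""
    by_ip = defaultdict(list)
    for r in reset_requests(lines):
        by_ip[r["ip"]].append(r["ts"])  # already time-ordered
    flagged = {}
    for ip, times in by_ip.items():
        start, peak = 0, 0
        for end, ts in enumerate(times):
            # Slide the window start forward until it fits within `window`.
            while ts - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    for ip, n in find_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT: {ip} sent {n} password-reset POSTs within one minute")
```

The threshold and window are deliberately parameters: a lockout-tuned value such as three requests per minute catches automated abuse of the reset flow, while a longer window (an hour or more) is needed to surface slow, low-volume probing like the third source in the sample. Feed the function real log lines from the portal's reverse proxy and route hits to the SIEM alongside the reset endpoint's own audit records.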
High-Stakes, Sloppy Communication
Sources familiar with the campaign said the ransom emails were full of spelling and grammar errors, a signature of Cl0p operations. Contact information matched that posted on Cl0p’s dark web leak site, though it is not yet clear if any organizations have paid the ransom. Oracle has not commented on the alleged breaches.
A Growing Global Threat
This incident adds to Cl0p’s long list of attacks. Earlier, in 2023, the group exploited a flaw in MOVEit file-transfer software, stealing data from hundreds of firms, including Shell, IAG (parent company of British Airways), and the BBC. Cl0p is widely recognized as one of the most active ransomware groups globally. The US Cybersecurity and Infrastructure Security Agency (CISA) warned last year that the gang has compromised thousands of organizations through phishing and mass email campaigns.