Security researchers at Google have uncovered a widespread hacking campaign targeting corporate executives with extortion emails, leading to the theft of data from “dozens of organizations.” This marks one of the first indications of the campaign’s far-reaching nature. According to a statement shared with TechCrunch, the Clop extortion gang is responsible, having exploited multiple security vulnerabilities in Oracle’s E-Business Suite software to steal significant amounts of data. This software is widely used by companies to manage their operations, including storing sensitive customer and employee data. The tech giant’s findings suggest the campaign began as early as July 10, well before the hacks were initially detected.
Oracle recently admitted that the hackers were still actively abusing its software to steal personal information about executives and their companies. This contradicts an earlier statement from Oracle’s chief security officer, Rob Duhart, who had claimed in a since-removed post that the extortion campaign was linked to vulnerabilities patched in July, suggesting the threat was contained. However, a security advisory published by Oracle over the weekend revealed the hackers were exploiting a “zero-day” bug—a vulnerability unknown to the vendor at the time it was being exploited—that could be abused over a network “without the need for a username and password.”
The Russia-linked Clop ransomware and extortion gang has gained notoriety for orchestrating large-scale hacking campaigns. It often abuses vulnerabilities that are still unknown to the software vendor at the time of exploitation to steal vast quantities of corporate and customer data. In the past, this has included targeting managed file transfer tools like Cleo, MOVEit, and GoAnywhere, which companies use to send sensitive corporate information over the internet.
Google’s corresponding blog post provides crucial technical details, such as specific email addresses, that network defenders can use to identify extortion emails and other signs that their Oracle systems may have been compromised. This information can help organizations protect themselves from the ongoing threat and investigate potential breaches.