According to security researchers at Google, the Clop extortion gang has stolen data from “dozens of organizations” by exploiting multiple security vulnerabilities in Oracle’s E-Business Suite software. A statement and blog post from Google on Thursday indicated the hacking campaign, which targets corporate executives with extortion emails, dates back to at least July 10.
Earlier this week, Oracle acknowledged that hackers were still actively abusing a zero-day vulnerability in its software to steal personal and corporate data. This followed an earlier, now-removed, statement from the company’s chief security officer that had suggested the campaign was over and linked to vulnerabilities patched in July. In a security advisory, Oracle described the flaw as a bug that can be “exploited over a network without the need for a username and password.”
The attackers have been identified as the Russia-linked Clop ransomware and extortion gang, which has a history of conducting mass-hacking campaigns using zero-day vulnerabilities in corporate software, such as managed file transfer tools. Oracle’s E-Business Suite is used by companies to manage operations and store sensitive data, including customer information and employee HR files.
To assist network defenders, Google’s blog post provides technical details and indicators of compromise, including specific email addresses, so that organizations can determine whether their Oracle E-Business Suite systems have been affected.