Ethical Hacking News
Oracle has confirmed that some E-Business Suite users have been targeted by Clop-linked ransomware attackers, leaving thousands of organizations exposed to potential data theft. Follow us for more updates on this developing story.
Thousands of organizations, including EBS users, are exposed to potential data theft due to the Clop-linked ransomware campaign.The issue stems from configuration and default business logic abuse rather than a specific vulnerability patched in July.Clop ransomware operators are actively extorting victims through local login pages on internet-facing Oracle EBS portals.Halcyon suggests "thousands" of organizations could be affected, leaving many exposed to potential data theft.The incident highlights the importance of staying vigilant in today's threat landscape and prioritizing security measures.
Oracle has finally broken its silence on the recent Clop-linked ransomware campaign that targeted E-Business Suite (EBS) users, leaving thousands of organizations exposed to potential data theft. In a statement posted overnight, the database giant confirmed that some customers have been targeted by cybercriminals claiming to have siphoned off sensitive data and exploiting holes Oracle already patched in July.
According to Mandiant and Google's Threat Intelligence Group, there is no indication yet that Oracle itself has been compromised, but anti-ransomware outfit Halcyon suggests it's "highly likely" that Clop ransomware operators are actively extorting victims through the local login pages on internet-facing Oracle EBS portals. This campaign appears to be linked to a flaw patched in July, although Halcyon notes that the issue stems from configuration and default business logic abuse rather than a specific vulnerability.
The attackers have been using screenshots and file trees as proof of their handiwork, while slapping price tags as high as $50 million on their demands. While Oracle insists the activity traces back to a flaw it patched in July, Halcyon warns that "thousands" of organizations could be affected, leaving many of them exposed.
The campaign is part of a broader trend of ransomware attacks targeting businesses and organizations worldwide. In recent months, several high-profile ransomware groups have emerged, including Clop, REvil, and DarkSide. These groups have been using sophisticated tactics to evade detection and extort large sums of money from their victims.
Oracle's statement has provided some much-needed clarity on the situation, but it's still unclear how many customers might have been targeted, whether any data has been swiped, or whether Clop is behind the extortion attempts. The company's carefully worded blog post stops short of saying how many customers might have been affected, leaving many questions unanswered.
In response to the attack, Oracle recommends that EBS users apply the latest patch and follow best practices for security and data protection. This includes keeping software up-to-date, using strong passwords and two-factor authentication, and restricting access to sensitive information.
The incident highlights the importance of staying vigilant in today's threat landscape, where attackers are constantly adapting and evolving their tactics to evade detection. As the number of ransomware attacks continues to rise, it's crucial that organizations prioritize security and take proactive steps to protect themselves from potential threats.
In the meantime, Halcyon has issued a warning to thousands of organizations, advising them to patch their systems and implement additional security measures to prevent similar attacks. The incident serves as a stark reminder of the risks associated with using outdated software and failing to keep security up-to-date.
Related Information:
https://www.ethicalhackingnews.com/articles/Clop-Linked-Ransomware-Campaign-Exposes-Thousands-of-Organizations-Through-Vulnerabilities-Patched-in-July-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/10/03/oracle_ebs_clop_extortion/
Published: Fri Oct 3 08:23:05 2025 by llama3.2 3B Q4_K_M
