Ethical Hacking News
Oracle Execs Receive Extortion Emails Claiming Sensitive Data Stolen from E-Business Suite
Oracle has been targeted by a series of "high-volume" cybercrime extortion emails claiming sensitive data was stolen from its E-Business Suite. The campaign appears to be linked to the notorious Clop ransomware crew and may be an opportunistic scam using Oracle's name to extort money. The authenticity of the claims is unclear, with researchers still investigating the incident and Mandiant CTO Charles Carmakal suggesting a possible association with Clop. Oracle's E-Business Suite contains sensitive customer data, making it an attractive target for cybercriminals. The extortion emails highlight the need for organizations to remain vigilant and proactive in protecting themselves against cybercrime extortion threats.
Oracle, a leading enterprise software vendor, has become the latest high-profile target of cybercrime extortion emails. Researchers from Google's Threat Intelligence Group (GTIG) and Mandiant have been tracking a series of "high-volume" emails sent to Oracle executives, claiming that sensitive data has been stolen from the company's E-Business Suite.
The campaign, which began last month, appears to be the work of cybercriminals with possible ties to the notorious Clop ransomware crew. The attackers are using email-based extortion attempts to extort money from Oracle, without releasing any public evidence of a breach or vulnerability in the company's software.
According to Genevieve Stark, head of cybercrime and information operations intelligence analysis at GTIG, "This activity began on or before September 29, 2025, but Mandiant's experts are still in the early stages of multiple investigations, and have not yet substantiated the claims made by this group." The lack of proof has raised questions about whether the extortionists genuinely obtained customer data or if this is an opportunistic scam using Oracle's name to scare execs into paying up.
Mandiant CTO Charles Carmakal told The Register that two specific contact addresses used in the malicious emails are publicly listed on Clop's dark web leak site. "This move strongly suggests there's some association with Clop and they are leveraging the brand recognition for their current operation," he added. The use of Clop's branding is a telling detail, as the group has a long history of targeting enterprise software vendors and exploiting high-value platforms.
Oracle's E-Business Suite contains some of the most sensitive data handled by enterprises, making it an attractive target for cybercriminals. The company has been a catnip for crooks in the past due to its deep roots in corporate IT estates. However, the alleged breach raises serious concerns about the security of Oracle's software and the potential for sensitive customer data to be compromised.
The extortion emails have left Oracle executives in a tricky spot: take the threats seriously enough to dig in, but without giving oxygen, or cash, to what could just be a cheap bluff. In this context, the fear of exposure remains one of the most powerful weapons in the cybercriminal arsenal. By claiming access to sensitive data, attackers can increase the pressure on corporate boards and CISOs, regardless of whether they have the goods.
For now, Mandiant and GTIG are focused on helping organizations figure out if anyone is actually breached. As the investigation continues, it remains unclear whether the extortionists genuinely obtained customer data or if this is an opportunistic scam using Oracle's name to scare execs into paying up. One thing is certain, however: the rise of cybercrime extortion emails like these highlights the need for organizations to remain vigilant and proactive in protecting themselves against these types of threats.
In a broader sense, the Clop-linked campaign underscores the evolving nature of cybercrime and the tactics used by attackers to extort money from high-profile targets. As cybersecurity continues to evolve, it is essential that organizations stay informed about the latest threats and take steps to protect themselves against these types of attacks.
The impact of this extortion campaign will be closely watched in the coming days and weeks as Mandiant and GTIG continue their investigation into the alleged breach. For now, Oracle executives are left to navigate a complex web of uncertainty, where the line between legitimate concern and opportunistic scam is increasingly blurred.
Oracle Execs Receive Extortion Emails Claiming Sensitive Data Stolen from E-Business Suite
Related Information:
https://www.ethicalhackingnews.com/articles/Clopin-Down-The-Rise-of-Extortion-Emails-Targeting-Oracle-Execs-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/10/02/clop_oracle_extortion/
https://www.theregister.com/2025/10/02/clop_oracle_extortion/
https://www.cybersecuritydive.com/news/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data/743981/
Published: Thu Oct 2 08:37:51 2025 by llama3.2 3B Q4_K_M
