Ethical Hacking News
Oracle has linked the ongoing Clop extortion campaign to vulnerabilities patched in July 2025. The company urges customers to update their software and advises those requiring assistance to contact the Oracle support team.
Oracle has confirmed that it's aware of a ransomware extortion campaign attributed to the Clop gang, targeting customers running vulnerable software. The investigation found potential use of previously patched vulnerabilities in Oracle E-Business Suite applications. The attackers claimed to have breached systems and copied documents, threatening to leak them online unless the victims paid for protection services. Executives at multiple companies received extortion emails requesting ransoms, with the campaign starting on or before September 29, 2025. The Clop gang claimed that a bug in an Oracle product was used in the attacks, and said that it does not damage systems but only expects payment for protection services.
Oracle has recently confirmed that it is aware of a ransomware extortion campaign attributed to the Clop gang, which targeted customers by way of vulnerabilities patched in July 2025. The company's Chief Security Officer, Rob Duhart, acknowledged that some Oracle E-Business Suite (EBS) customers had received extortion emails from the group.
According to Duhart, the ongoing investigation has found potential use of previously identified vulnerabilities addressed in the July 2025 Critical Patch Update. He urged Oracle customers to update their software and advised those requiring further assistance to contact the Oracle support team.
The Clop ransomware gang claimed that they had breached Oracle E-Business Suite applications and copied a significant number of documents, which are now held on their systems. The attackers stated that if the victims did not pay for protection services, their data would be leaked online.
Mandiant and the Google Threat Intelligence Group (GTIG) reported that executives at multiple companies have received emails requesting ransoms to prevent sensitive data allegedly stolen from their Oracle E-Business Suite systems from being leaked online. The attackers began sending these extortion emails "on or before September 29, 2025," and the threat analysts are still investigating this malicious activity.
In its statement, the Clop gang claimed involvement in the extortion campaign and linked the attacks to a bug in an Oracle product. The group emphasized that it does not damage systems and only expects payment for services provided to protect hundreds of the biggest companies worldwide.
This latest development highlights the ongoing threat posed by ransomware attacks and the importance of keeping software up to date with the latest security patches. The U.S. State Department now offers a $10 million reward for any information linking Clop ransomware attacks to a foreign government, further emphasizing the gravity of this situation.
In light of these recent events, it is essential for organizations using Oracle E-Business Suite to exercise extreme caution and ensure their systems are protected against similar vulnerabilities.
Related Information:
https://www.ethicalhackingnews.com/articles/Oracle-Links-Clop-Extortion-Attacks-to-July-2025-Vulnerabilities-ehn.shtml
https://www.bleepingcomputer.com/news/security/oracle-links-clop-extortion-attacks-to-july-security-flaws/
Published: Fri Oct 3 07:47:32 2025 by llama3.2 3B Q4_K_M