Hackers are sending extortion emails to executives after claiming Oracle apps' data breach | TechCrunch
Key Takeaways
- Hackers linked to the Clop ransomware group are sending extortion emails to executives at large organizations.
- The hackers claim to have stolen sensitive information from a suite of business software products developed by Oracle.
- The extortion emails began around September 29 and were sent from hundreds of compromised accounts.
- Mandiant confirmed the connection, noting the emails direct victims to Clop's data leak site.
- Clop frequently exploits zero-day vulnerabilities to conduct large-scale data thefts.
Google has revealed that hackers affiliated with the prolific Clop ransomware group are targeting executives at many large organizations with extortion demands, alleging the theft of sensitive data from Oracle's suite of business software products. Genevieve Stark of Google's cybercrime analysis team stated that these emails started circulating around September 29, though the claims have not yet been substantiated by the tech giant. The threats were distributed via hundreds of compromised accounts, including one linked to a known financially motivated cybercrime group allied with Clop. Charles Carmakal of Mandiant noted that the emails contained contact information found on Clop’s data leak site, which the group uses to pressure victims into paying ransoms. Clop is notorious for exploiting zero-day vulnerabilities to breach numerous companies at once, resulting in the theft of data affecting tens of millions of individuals. Reports suggest the hackers gained access to Oracle E-Business Suite web-portals using compromised user emails and abusing the default password-reset function.
