Google's cybersecurity experts have warned of a large-scale attack campaign by the Clop hacker group targeting Oracle E-Business Suite, which has led to the theft of data from dozens of organizations.
This is seen as the first sign that the campaign could spread globally.
According to Google, the Clop group exploited a serious zero-day vulnerability in Oracle E-Business Suite, a business software platform used to manage customer data, finances and human resources...
Oracle was forced to release an emergency patch to stop the ongoing exploitation.
The vulnerability, tracked as CVE-2025-61882, carries a CVSS score of 9.8 out of 10 and allows an unauthenticated attacker with nothing more than network access over HTTP to execute code remotely.
Once exploited, the attacker can take full control of the Concurrent Processing component of the Oracle E-Business Suite system.
According to analysts, the campaign began on July 10, 2025, roughly three months before the first organizations detected signs of intrusion in early October.
Executives at several US companies then received ransom emails in which the hackers claimed to hold sensitive files stolen from their systems.
Google identified the Clop group as the main actor behind the campaign. Clop has previously carried out a series of large-scale extortion attacks that exploited zero-day vulnerabilities in file transfer tools such as MOVEit, Cleo and GoAnywhere.
Several technical indicators also suggest a link between this campaign and FIN11, a financially motivated cybercrime group, as well as Scattered Lapsus$ Hunters.
Charles Carmakal, CTO of Mandiant at Google Cloud, confirmed that the ransom emails were sent from hundreds of compromised email accounts, including at least one account previously associated with FIN11 activity.
Initially, Oracle Chief Security Officer Rob Duhart posted a notice stating that the vulnerabilities involved had been fixed in July, implying that the attacks were over; the notice was later removed.
Just days later, Oracle was forced to admit that hackers were still exploiting its software to steal personal data and corporate documents. Oracle then released a new emergency patch, confirming the existence of the zero-day.
Google has published email addresses, indicators of compromise (IoCs), and technical guidance to help cybersecurity professionals check if their Oracle systems have been compromised.
Oracle insists customer payment data was not affected, but experts warn that personnel data and operational information may have been leaked.
Security experts recommend that businesses immediately apply the latest Oracle E-Business Suite patch, monitor HTTP access logs and unusual activity related to Concurrent Processing, and perform a forensic audit if they suspect an intrusion.
This campaign once again shows the growing risk from zero-day vulnerabilities in enterprise software and underlines the need for rapid patching and proactive monitoring as cybercrime grows more sophisticated.
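The log-monitoring step above is easy to state and tedious to do by hand. The following triage script is an added example, not code from the article, from Google or from Oracle. It reads Apache/OHS combined-format access log lines from the EBS web tier and flags source IPs and request paths on an indicator list, plus POST requests to the /OA_HTML/ path from addresses outside the networks you consider internal, since the vulnerability is reachable by an unauthenticated HTTP request. The indicator values, the internal network ranges and the sample log lines are all constructed placeholders; the indicator lists in particular must be replaced with the IoCs Google and Oracle published. The July 10, 2025 campaign start date from the article is used only to mark which hits fall inside the window an investigation should scope.

```python
"""Triage helper for Oracle E-Business Suite (EBS) HTTP access logs.

Added example, not from the article, Google or Oracle. Flags:
  1. source IPs on an indicator list,
  2. request paths on an indicator list,
  3. POST requests to the EBS web tier (/OA_HTML/) from addresses outside
     the networks treated as internal (an internet-exposed instance taking
     unauthenticated POSTs is the exposure the article describes).
The indicator lists are PLACEHOLDERS (assumption): replace them with the
IoCs Google and Oracle published. They are not real indicators.
"""
import ipaddress
import re
from datetime import datetime, timezone

# PLACEHOLDER indicators (assumption: replace with published IoCs)
IOC_IPS = {"198.51.100.23"}
IOC_PATHS = {"/OA_HTML/placeholder-ioc-path"}
# Assumption: only these networks should reach the EBS web tier directly
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("172.16.0.0/12"),
                 ipaddress.ip_network("192.168.0.0/16")]
# Article: campaign activity began 10 July 2025; hits at or after this
# date fall inside the window responders should scope.
CAMPAIGN_START = datetime(2025, 7, 10, tzinfo=timezone.utc)

# Apache combined log format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec


def is_internal(ip_str):
    """True if the address falls inside one of INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def scan_access_log(lines, ioc_ips=IOC_IPS, ioc_paths=IOC_PATHS):
    """Return (findings, skipped). Each finding carries a 'reason' string."""
    findings, skipped = [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # unparsable lines are counted, not dropped silently
            continue
        reasons = []
        if rec["ip"] in ioc_ips:
            reasons.append("ioc-ip")
        if rec["path"] in ioc_paths:
            reasons.append("ioc-path")
        if (rec["method"] == "POST" and rec["path"].startswith("/OA_HTML/")
                and not is_internal(rec["ip"])):
            reasons.append("external-post-oa_html")
        for reason in reasons:
            findings.append({"reason": reason, "ip": rec["ip"],
                             "path": rec["path"], "ts": rec["ts"],
                             "in_window": rec["ts"] >= CAMPAIGN_START})
    return findings, skipped


def earliest_hit(findings):
    """Oldest finding timestamp: tells you how far back log retention must reach."""
    return min((f["ts"] for f in findings), default=None)


# Constructed sample lines (not real log data); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for external hosts.
SAMPLE_LOG = [
    '10.20.30.40 - - [09/Jul/2025:08:00:01 +0000] "GET /OA_HTML/AppsLogin HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '10.20.30.40 - jdoe [09/Jul/2025:08:00:09 +0000] "POST /OA_HTML/OA.jsp?page=/oracle/apps/fnd/framework/navigate/webui/NewHomePG HTTP/1.1" 200 9911 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jul/2025:03:14:07 +0000] "POST /OA_HTML/OA.jsp HTTP/1.1" 200 0 "-" "python-requests/2.31"',
    '198.51.100.23 - - [12/Aug/2025:22:41:55 +0000] "GET /OA_HTML/placeholder-ioc-path HTTP/1.1" 200 312 "-" "curl/8.4.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    hits, bad = scan_access_log(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]:%Y-%m-%d %H:%M:%S} {h["reason"]:<22} {h["ip"]:<15} {h["path"]}')
    print(f"{len(hits)} finding(s), {bad} unparsable line(s), earliest hit: {earliest_hit(hits)}")
```

On the constructed sample the internal GET and the internal authenticated POST are ignored, the external POST to /OA_HTML/ is flagged by the heuristic rule, and the placeholder indicator line produces two findings (IP and path). The earliest hit is what you feed back into scoping: if it sits close to the start of your retained logs, the intrusion may predate what you can see, and the forensic audit the article recommends has to look beyond the access logs.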
Source: https://www.vietnamplus.vn/my-hang-chuc-doanh-nghiep-bi-danh-cap-du-lieu-do-lo-hong-cua-oracle-post1069449.vnp