Google security researchers have reported that the hacking group Clop carried out a large-scale campaign to steal data from “dozens of organizations” by exploiting multiple vulnerabilities in Oracle E-Business Suite software, TechCrunch reports.
According to Google, the attackers gained access to a significant amount of company data through Oracle software and then sent emails to the executives of these companies with ransom demands.
Oracle E-Business Suite is used to manage business processes, including storing customer data and employee personnel files. According to Google, the attacks began on July 10, three months before they were discovered.
Oracle recently confirmed that hackers are still using its software to steal executives' personal data and corporate information. A few days earlier, Oracle's chief security officer Rob Dugarth said that the attacks were related to vulnerabilities that were patched back in July and that the threat was supposedly eliminated. However, in a new message, the company acknowledged the existence of a "zero-day" vulnerability (a vulnerability that is unknown to the developer) that allows a remote attack without entering a username and password.
The Clop hacking group is said to be of Russian origin and is known for large-scale attacks using vulnerabilities unknown to the vendors to steal large amounts of corporate and customer data. It has previously attacked file transfer services, including Cleo, MOVEit, and GoAnywhere.
On its blog, Google published technical details and email addresses that can help cybersecurity experts identify signs of compromise of Oracle systems to prevent further attacks.