Dozens of organizations have had their data stolen in Oracle-linked hacks



Hackers targeting company executives with extortion emails have stolen data from “dozens of organizations,” security researchers at Google say, one of the first signs that the hacking campaign may be far-reaching.

The Clop extortion gang exploited multiple security vulnerabilities in Oracle’s E-Business Suite software to steal large amounts of data from affected organizations, the tech giant said Thursday in a statement shared with TechCrunch.

Oracle eBusiness software allows companies to manage their operations, such as storing their customers’ data and their employees’ HR files.

Google said in a blog post that the hacking campaign targeting Oracle customers dates back to at least July 10, about three months before the breaches were first discovered.

Oracle admitted earlier this week that the hackers behind the extortion campaign were still abusing its software to steal personal information about corporate executives and their companies. Days earlier, Rob Duhart, Oracle’s chief security officer, claimed in the same post, since deleted, that the extortion campaign was linked to previously identified vulnerabilities that Oracle patched in July, suggesting the hacks were over.

But in a security advisory published over the weekend, Oracle said the zero-day bug (so named because Oracle did not have time to fix the bug, as it had already been exploited by hackers) could be “exploited over a network without requiring a username and password.”

The Russia-linked Clop ransomware and extortion gang has made a name for itself in recent years through mass hacking campaigns, which often involve abusing vulnerabilities unknown to the software vendor at the time of the exploit, to steal large amounts of corporate and customer data. This includes managed file transfer tools, such as Cleo, MOVEit and GoAnywhere, which companies use as a means of sending sensitive company data over the Internet.

Google’s blog post includes email addresses and other technical details that network defenders can use to look for extortion emails and other indicators that their Oracle systems may have been compromised.


