Cybercrime gang claims Oracle apps breach, extorts top executives

Executives at large organizations are being extorted by a notorious ransomware group, which claims to have stolen data from them via Oracle Corp.’s popular E-Business Suite applications, according to a Google cybersecurity executive and three others familiar with the matter.

The group, claiming to be affiliated with a criminal outfit called Cl0p, began sending extortion emails on or before Sept. 29, according to Genevieve Stark, head of cybercrime at Google Threat Intelligence Group. The emails were sent from hundreds of compromised third-party accounts and claim the theft of data, she said.

The Oracle product runs core business operations including financial, supply chain and customer relationship management.

The extortion emails include sloppy English and grammar, according to one of the people, but are considered characteristic of the group. At least one of the email addresses used on the extortion notes was previously used by an affiliate of Cl0p, and the messages contain contact details that are listed on Cl0p’s own website, Stark said.

Alphabet Inc.’s Google doesn’t yet have sufficient evidence to verify the claims made in the extortion demands, she said. The other people familiar with the matter, who asked not to be named discussing private information, didn’t disclose the targets of the extortion letters or whether any of the victims had paid a ransom.

An Oracle spokesperson didn’t respond to a request for comment.

Cl0p is known for targeting large companies with sophisticated malware to lock files and make ransom demands for their deletion. In 2023, Cl0p was accused of exploiting weaknesses in MOVEit, a file-transfer product used by companies and organizations to transmit sensitive data, and it claimed to have obtained data from hundreds of organizations.

Shell Plc, IAG SA’s British Airways and the British Broadcasting Corp. were among the victims of that earlier attack.

In June 2023, the US Cybersecurity and Infrastructure Security Agency issued an advisory about Cl0p, stating it was “one of the largest phishing and malspam distributors worldwide,” estimating it to have compromised more than 3,000 organizations in the US and 8,000 globally.

©2025 Bloomberg L.P.

Published on October 2, 2025