Tire industry leader Michelin has officially confirmed experiencing a data breach, which is part of a larger cybercrime operation targeting entities using Oracle’s E-Business Suite (EBS) software.
Details of the Cyber Attack
The attack has been attributed to the Cl0p ransomware and extortion group, which utilized undisclosed zero-day vulnerabilities to infiltrate systems hosting data via Oracle’s enterprise management software. This group is known for its sophisticated methods and is believed to work alongside FIN11, a network of experienced cybercriminals.
Over 100 organizations were reportedly compromised in this campaign, with Cl0p publicly listing these targets on their website. Michelin, a major player in the tire manufacturing sector, confirmed to SecurityWeek its inclusion in this list of affected entities.
Michelin’s Response and Investigation
A Michelin representative expressed that, like many organizations, they face cyber threats regularly. Despite their robust security protocols, they were impacted along with numerous other companies. Following the breach, Michelin’s security team launched an intensive investigation, concluding that a zero-day vulnerability in Oracle EBS was exploited during the attack.
The spokesperson assured that Michelin’s expertise enabled them to take timely corrective measures, successfully mitigating the issue. They emphasized that the breach involved a minimal amount of non-sensitive data, and no critical IT information was compromised.
Implications and Broader Impact
Importantly, Michelin noted that ransomware was not part of this particular incident, and their global systems remained unaffected. They reassured stakeholders of their commitment to safeguarding customer and partner data and services.
Meanwhile, the cybercriminals have reportedly released over 315GB of archives, allegedly containing Michelin’s data. Preliminary evaluations suggest that these files may indeed have originated from an Oracle EBS environment.
In related developments, Madison Square Garden also disclosed their involvement in the Oracle EBS campaign, following the hackers’ release of over 210GB of their data a few months ago.
This breach underscores the persistent threat of sophisticated cyber attacks and the importance of ongoing vigilance and robust security measures for organizations worldwide.
