Cybercriminals have named nearly 30 organizations allegedly impacted by the recent campaign targeting customers of Oracle’s E-Business Suite (EBS) enterprise resource planning solutions.
The campaign, which involved extortion emails being sent to executives at dozens of organizations in late September, is believed to have been carried out by a cluster of a profit-driven threat actor tracked as FIN11.
The attacks were claimed by the Cl0p (aka Clop) ransomware group. Cl0p was previously linked by the cybersecurity community to FIN11, and the decision to use it as the public-facing entity for the campaign was likely motivated by its prior involvement in similar high-impact campaigns targeting customers of Cleo, MOVEit, and Fortra file transfer products.
Twenty-nine alleged victims of the Oracle EBS hack have been listed on the Cl0p leak website so far. The organizations that were the first to be named, such as Harvard University, South Africa’s Wits University, and American Airlines subsidiary Envoy Air, confirmed being impacted shortly after they were named by the attackers in mid-October.
Last week, The Washington Post also confirmed it had been successfully targeted in the campaign, but didn’t share any details, Reuters reported.
However, a majority of the other alleged victims have yet to confirm suffering a data breach.
SecurityWeek has reached out for comment to several important organizations from the list, but none responded. This includes industrial giants Schneider Electric and Emerson, consumer electronics giant Logitech, communications and automotive giant Cox Enterprises, silver and gold producer Pan American Silver, automotive parts firm LKQ Corporation, and HVAC company Copeland.
Other alleged victims include companies in the mining, professional services, wastewater, construction, insurance, financial, manufacturing, transportation, technology, automotive, energy, and HVAC sectors.
The organizations impacted by the Oracle EBS hack are likely conducting investigations, and some of them likely don’t want to share any information until those probes are completed. Others, as past Cl0p attacks have shown, are likely trying to avoid the spotlight by staying silent.
The cybercriminals leaked data allegedly stolen from 18 victims, in some cases making public hundreds of gigabytes or even several terabytes of files.
SecurityWeek has conducted only a limited structural analysis of some of the leaked files and concluded that they likely originated from an Oracle environment.
Given Cl0p’s history, it’s unlikely that organizations have been falsely listed as victims. However, it’s not uncommon for the cybercriminals to deliberately name parent companies as the victim when the actual impact was limited to a smaller subsidiary (as in the case of American Airlines being listed for the Envoy Air hack). It’s also possible that in some cases the hackers have exaggerated the value and sensitivity of the stolen data.
It’s still unclear exactly which Oracle EBS vulnerabilities have been exploited in the campaign. The most likely candidates are CVE-2025-61882 and CVE-2025-61884, both of which can be exploited remotely without authentication or user interaction to gain access to sensitive data. In the case of CVE-2025-61882, exploitation as a zero-day appears to have started at least two months prior to patches being released.
