Cybercriminals have named the UK’s Nationwide Well being Service (NHS) as one of many victims of the latest information theft and extortion marketing campaign focusing on organizations that use Oracle’s E-Enterprise Suite (EBS) enterprise useful resource planning options.
“We’re conscious that the NHS has been listed on a cyber-crime web site as being impacted by a cyber-attack, however no information has been printed,” a spokesperson for NHS England instructed SecurityWeek. “Our cyber safety staff is working carefully with the Nationwide Cyber Safety Centre to analyze.”
The Oracle EBS hacking marketing campaign got here to gentle in early October and inside two weeks the cybercriminals began naming victims on the Cl0p ransomware group’s leak web site. The hackers have since made public information allegedly stolen from organizations comparable to Harvard College, American Airways subsidiary Envoy Air, industrial giants Schneider Electrical and Emerson, and The Washington Submit.
The NHS is the most recent group named on the Cl0p ransomware leak web site, which now lists greater than 40 alleged victims of the Oracle EBS marketing campaign. Knowledge allegedly obtained from 25 targets has been printed.
One of many victims named in latest days is Hitachi subsidiary GlobalLogic, a supplier of digital engineering options.
GlobalLogic confirmed this week that the cybercriminals gained entry to HR data for present and former workers, together with names, addresses, contact data, dates of start, passport data, Social Safety numbers, wage data, and checking account particulars. The corporate stated the incident impacts greater than 10,000 people.
A majority of the organizations named on the Cl0p web site have but to verify or deny being impacted. The listing consists of main corporations comparable to Logitech, Cox Enterprises, Pan American Silver, LKQ Company, and Copeland.
Victims of the Oracle EBS hack are probably conducting investigations and a few of them probably don’t wish to share data till their probes are accomplished. Others are probably attempting to keep away from the highlight by staying silent. Commercial. Scroll to proceed studying.
Whereas Cl0p’s historical past means that organizations are hardly ever listed as victims with out trigger, the precise scope of the breach could also be exaggerated by the risk actors to stress victims into cost.
Associated: CISA Confirms Exploitation of Newest Oracle EBS Vulnerability
Associated: Exploitation of Oracle EBS Zero-Day Began 2 Months Earlier than Patching
Associated: Subtle Malware Deployed in Oracle EBS Zero-Day Assaults
