Imaging and optical know-how big Canon has confirmed being focused within the latest Oracle E-Enterprise Suite (EBS) hacking marketing campaign.
Nonetheless, its investigation has proven that the incident is restricted to a subsidiary of Canon U.S.A., Inc., the corporate advised SecurityWeek in an emailed assertion.
“Now we have confirmed that the incident solely affected the online server, and we now have already taken safety measures and resumed service,” Canon mentioned. “As well as, we’re persevering with to analyze additional to make sure that there isn’t any different influence.”
Whereas the cybercriminals have made public information allegedly stolen from lots of the victims — terabytes of information in some circumstances — no Canon information has been leaked on the time of writing.
Canon was beforehand focused in a ransomware assault again in 2020, when hackers stole worker info from the agency’s methods.
Different main firms that confirmed influence from the Oracle EBS hacking marketing campaign in latest days embrace Cox Enterprises, which mentioned the private info of roughly 9,500 people was compromised, and Mazda, which discovered no proof of information leakage.
Greater than 100 organizations have been named up to now on the Cl0p ransomware web site as alleged victims of the marketing campaign. Practically half of them are main firms in sectors reminiscent of IT and telecoms, heavy trade and manufacturing, healthcare and pharma, retail, automotive and transportation, media, and vitality and utilities.
The UK’s Nationwide Well being Service (NHS) is conducting an investigation, however it has but to substantiate a knowledge breach. Commercial. Scroll to proceed studying.
The checklist of huge firms which have but to publicly verify a knowledge breach contains Michelin, Broadcom, and Bechtel.
Cl0p has been the public-facing group to take credit score for the Oracle marketing campaign, however an unknown cluster of a risk actor tracked as FIN11 is believed to be behind the assaults. FIN11 carried out comparable campaigns concentrating on different broadly used enterprise merchandise previously.
Organizations are sometimes not listed on the Cl0p web site with out trigger, however the precise scope of the breach could also be exaggerated by the risk actors.
Associated: Logitech Confirms Information Breach Following Designation as Oracle Hack Sufferer
Associated: CISA Confirms Exploitation of Newest Oracle EBS Vulnerability
Associated: Refined Malware Deployed in Oracle EBS Zero-Day Assaults
