Harvard College is the primary confirmed sufferer of the latest cybercrime marketing campaign focusing on clients of Oracle’s E-Enterprise Suite (EBS) resolution.
Harvard was listed on the info leak web site devoted to victims of the Cl0p ransomware on October 12. The college was initially solely named, however the cybercriminals have now printed a hyperlink that factors to knowledge allegedly stolen from Harvard.
The hackers have made out there over 1.3 TB of archive recordsdata that allegedly comprise Harvard knowledge. SecurityWeek has not verified the content material of the leaked recordsdata.
In a press release, Harvard confirmed being focused within the Oracle EBS marketing campaign. The group’s investigation is ongoing, however it believes the incident impacts “a restricted variety of events related to a small administrative unit”.
Harvard mentioned the vulnerability exploited by the hackers has been patched and there’s no proof of different methods being compromised.
Google’s Menace Intelligence Group (GTIG) and Mandiant imagine dozens of organizations have been focused.
Whereas the hackers are believed to have stolen a major quantity of information, the sensitivity of the knowledge probably differs for every sufferer. Info usually saved in an EBS occasion can embody monetary, buyer, provider, HR, and stock knowledge.
The cybercriminals behind the Oracle EBS marketing campaign despatched out extortion emails to executives on the focused organizations on behalf of the Cl0p ransomware group, probably as a result of fame it has constructed after conducting comparable campaigns prior to now. These campaigns focused clients of Cleo, MOVEit, Fortra and Accellion file switch merchandise. Commercial. Scroll to proceed studying.
The Oracle assault has not been attributed to a particular menace group, however GTIG and Mandiant discovered a number of hyperlinks to a cybercrime group tracked as FIN11, which alongside Cl0p was tied to the earlier campaigns focusing on file switch merchandise.
The assaults focusing on Oracle EBS clients seem to have concerned the exploitation of identified and zero-day vulnerabilities, in addition to the deployment of refined malware.
CrowdStrike reported that exploitation of the software program flaws seems to have began on August 9, however Google has seen some indication that the assaults might have begun as early as July 10.
Associated: Oracle Patches EBS Vulnerability Permitting Entry to Delicate Information
Associated: Exploitation of Oracle EBS Zero-Day Began 2 Months Earlier than Patching
Associated: Extortion Group Leaks Thousands and thousands of Data From Salesforce Hacks
