Oracle under attack: hackers demand up to USD $50 million in ransom over theft of sensitive data
Oracle says it is investigating attacks on numerous customers' E-Business Suite applications following an extortion campaign aimed at large companies. The hackers are reportedly making multimillion-dollar demands.
***
- Hackers linked to the CL0P ransomware have reportedly breached Oracle's E-Business Suite.
- They are demanding multimillion-dollar ransoms from large companies over the theft of sensitive data.
- Oracle serves thousands of global corporations, including banks, retail stores and manufacturers.
- The technology company says it is investigating the incident amid the claims.
A group of cybercriminals linked to the notorious CL0P ransomware has unleashed a wave of extortion against executives at large companies, claiming to have stolen data from numerous applications of Oracle's E-Business Suite. Oracle is the American technology giant specializing in business software, and the campaign potentially affects thousands of global corporations.
This attack, which exploits known vulnerabilities in the system, puts at risk Oracle customers in key sectors such as finance, supply chains and customer relationship management, exposing confidential information that could lead to mass leaks if ransoms are not paid, as media outlets such as Bloomberg have reported.
Oracle Corporation, founded in 1977 and based in Austin, Texas, is one of the world leaders in business technology, offering tools that power critical operations for companies such as banks, manufacturers and retailers.
Its E-Business Suite product, a comprehensive ERP (enterprise resource planning) application package launched more than two decades ago, integrates modules for accounting, logistics and CRM (customer relationship management), and is used by thousands of organizations worldwide, especially those with legacy infrastructures that are not always updated quickly.
Hackers demand multimillion-dollar ransoms
The attack, which began to be noticed at the end of September, mainly affects customers with E-Business Suite web portals.
The hackers obtained initial access by compromising user email accounts and abusing the default password reset function, which allowed them to generate valid credentials to infiltrate the systems, as sources familiar with the matter told Bloomberg. Once inside, they extracted sensitive data, including financial and operational information, before launching a mass extortion campaign through emails sent from hundreds of hacked third-party accounts.
The group, which describes itself as related to CL0P, known for its alleged Russian origin and stealthy tactics in massive data thefts, has sent messages with proof of the breach, such as screenshots and file trees, demanding exorbitant sums. One of the highest demands reported amounts to 50 million dollars, according to the cybersecurity firm Halcyon, which describes CL0P as “notorious for massive data thefts that increase their negotiating power in extortion.”
The emails, riddled with grammatical errors in English, a typical signature of this group, began on September 29 and have reached executives of at least a dozen large organizations, although the names of the victims have not been disclosed.
Oracle's E-Business Suite compromised
Oracle, meanwhile, confirmed Thursday that it is investigating intrusions and internally notified its employees about the exploitation of known flaws in E-Business Suite, for which it issued security patches in July, Bloomberg reported.
“The company discovered the exploitation of known vulnerabilities in its product, for which it offered updates in July,” two sources close to that newspaper revealed. An Oracle spokesman did not respond immediately to additional requests, but the company has urged its customers to apply pending updates to mitigate risks.
This is not the first time that CL0P has hit the cyber landscape: in 2023, it exploited a flaw in the MOVEit Transfer software, affecting hundreds of entities such as Shell, British Airways and the BBC, which led the US Cybersecurity and Infrastructure Security Agency (CISA) to issue alerts about the group's methods, recommending asset inventories, port monitoring and immediate updates.
Experts warn that the impact of this event could be devastating for affected companies, not only due to potential financial losses, but also because of the risk of regulatory sanctions under regulations such as GDPR in Europe or HIPAA in healthcare.
So far, it is not known whether any victim has yielded to the demands, but the campaign underscores the urgency of strengthening “cyber hygiene” in business environments. While Oracle accelerates its response, the corporate world is holding its breath over what could become one of the largest data breaches of 2025.
Article written with the help of AI, edited by Diariobitcoin
