Security researchers at Google say that more than 100 organizations are likely to have fallen victim to a large-scale cyberattack on Oracle E-Business Suite. The hacking campaign, carried out by the notorious CL0P group, targets business-critical systems and has already stolen “mass amounts of customer data.”
The attack may have started three months ago, according to Google’s cybersecurity team. “This level of investment suggests the threat actor(s) responsible for the initial intrusion likely dedicated significant resources to pre-attack research,” Google said.
According to earlier reports, the hacker collective CL0P has threatened to reveal soon that Oracle has botched their core product. This statement is consistent with the group’s usual tactics, which involve stealing sensitive data and then extorting organizations.
Oracle previously confirmed that there had been attempts at extortion targeting its customers. The company has not yet responded to requests for comment on Google’s new findings.
Extent of the hack greater than expected
The hackers specifically targeted Oracle’s E-Business Suite, a suite of applications that organizations use to manage customers, suppliers, production, and logistics. These systems often form the backbone of business processes, making a successful breach far-reaching.
The Alphabet subsidiary emphasizes that CL0P has a long history of large-scale compromises targeting software vendors and service providers. Google analyst Austin Larsen expects the actual number of victims to be even higher: “We are aware of dozens of victims, but we expect there are many more. Based on the scale of previous CL0P campaigns, it is likely there are over a hundred.”
CL0P’s method is sophisticated. Instead of locking systems with ransomware, the group focuses on stealing large amounts of data undetected. This approach makes detection more difficult and increases pressure during negotiations.