Hackers are targeting senior executives with extortion emails, claiming to have stolen sensitive information from Oracle’s widely used business software, Google has revealed. The attacks, believed to be linked to the Cl0p ransomware gang, have been launched on a large scale against organisations running Oracle’s E-Business Suite, a system critical for managing finance, supply chains, and customer relations. The scheme underscores how cybercriminals are increasingly zeroing in on platforms that underpin corporate operations.
According to Google, the extortion campaign is spreading rapidly through emails sent from hundreds of hijacked accounts. Some of these accounts were previously tied to FIN11, a financially motivated group associated with Cl0p. The messages, often accompanied by threats to release sensitive data, have demanded ransoms reportedly as high as $50 million. Security firm Halcyon disclosed that some emails contained screenshots and file directories presented as proof, though experts believe these materials may have been fabricated or recycled from past incidents.
Despite the claims, neither Google nor its cybersecurity arm, Mandiant, has found evidence that Oracle’s systems were breached. No zero-day vulnerabilities have been detected, and Oracle itself has yet to issue a public statement on the matter. Google also noted that it lacks sufficient evidence to confirm whether the extortionists actually gained access to the data they claim to possess. Analysts warn that even without confirmed breaches, such campaigns can cause reputational damage and fuel panic among targeted organisations.
Experts stress that the development highlights a shift in ransomware tactics, with attackers increasingly relying on threats and psychological manipulation rather than file encryption. Organisations are advised to monitor Oracle environments for unusual activity, strengthen phishing defences, and review incident response strategies. Security analysts emphasise that multi-factor authentication has become a critical safeguard, urging companies to adopt it as part of broader measures to bolster cyber resilience.