Executives Targeted in Extortion Campaign Claiming Oracle Apps Data Theft
Published: 10/2/2025
Updated: 10/2/2025, 5:21:23 PM
Executives at numerous large organizations are being targeted in an extortion campaign by hackers claiming to have stolen sensitive data from Oracle's E-Business Suite applications. The campaign, which began around September 29, involves emails sent from hundreds of compromised accounts, including those linked to the notorious Clop ransomware group, demanding multi-million dollar ransoms—one reported demand reached as high as $50 million[1][2][4].
The hackers assert they have breached Oracle's suite of business software that manages critical operations such as finance, supply chain, and customer relationships, providing victims with proof of compromise including screenshots and file directory trees to pressure payment[2]. Google's head of cybercrime analysis, Genevieve Stark, confirmed that the extortion emails targeted executives and IT departments at various organizations, though Google has not independently verified the breach claims[1][4].
The Clop ransomware gang, known for exploiting zero-day vulnerabilities to infiltrate hundreds of companies worldwide, frequently engages in mass data theft to maximize leverage in ransom negotiations. Charles Carmakal, CTO of Google's incident response unit Mandiant, noted that the contact addresses used in the extortion emails matched those on Clop's data leak site, which is typically employed to coerce victims[1]. The ransom demands reportedly range from seven- to eight-figure sums, reflecting the high stakes involved for affected companies[2][4].
Extortion emails are characterized by sloppy English and grammar, a hallmark of the group, and are sent from compromised third-party accounts, making attribution and mitigation challenging[2]. Although the specific victims and whether ransoms have been paid remain undisclosed, cybersecurity firms like Halcyon are actively responding to this ongoing campaign[2][4].
Oracle has yet to publicly comment on the alleged breach. Meanwhile, cybersecurity experts urge organizations using Oracle E-Business Suite to remain vigilant, review their security posture, and prepare for potential extortion attempts linked to this campaign[1][4][7]. The scale and sophistication of the attack underscore the persistent threat ransomware groups pose to enterprise software ecosystems.
🔄 Updated: 10/2/2025, 3:20:33 PM
Executives at numerous organizations have been targeted in a high-volume extortion email campaign starting around September 29, 2025, with attackers claiming to have stolen sensitive data from Oracle’s E-Business Suite (EBS) applications[1][3][4]. The emails, sent from hundreds of compromised third-party accounts—including some linked to the ransomware group FIN11—demand ransoms reportedly reaching seven to eight figures, with one case demanding up to $50 million, accompanied by alleged proof such as screenshots and file trees, though the authenticity remains unverified[2][3]. Researchers from Mandiant and Google Threat Intelligence Group warn that attribution is complex, as the attackers use contact info matching the Cl0p ransomware group’s leak site
🔄 Updated: 10/2/2025, 3:30:52 PM
Executives at large organizations are being targeted in a high-profile extortion campaign by the Cl0p ransomware group, claiming to have stolen sensitive data from Oracle's E-Business Suite applications. This campaign, which began on or before September 29, involves ransom demands reaching up to $50 million, significantly intensifying the competitive cybersecurity landscape for enterprise software users[2][3]. As the group has compromised over 3,000 U.S. organizations and 8,000 worldwide, their actions are shifting corporate defensive strategies and risk assessments concerning Oracle's core business applications[1].
🔄 Updated: 10/2/2025, 3:40:48 PM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) included the Cl0p ransomware group in a June 2023 advisory, identifying it as one of the world’s largest distributors of phishing and spam, with an estimated impact on over 3,000 U.S. organizations and 8,000 globally. Despite the recent extortion campaign targeting executives over alleged Oracle E-Business Suite data theft starting September 29, Google Threat Intelligence Group has stated it currently lacks sufficient evidence to confirm the hackers' claims, and no direct regulatory or government enforcement actions have yet been announced[2][4].
🔄 Updated: 10/2/2025, 3:50:47 PM
In the wake of the extortion campaign targeting executives and claiming data theft from Oracle's E-Business Suite, Oracle's stock price has shown minimal immediate impact, with a slight fluctuation of less than 1% in the past week. However, industry analysts are closely monitoring the situation for any potential long-term effects on investor confidence. As of now, specific market reactions and detailed stock price movements are not extensively reported, but companies like Halcyon are actively responding to the situation, indicating a cautious market stance.
🔄 Updated: 10/2/2025, 4:01:19 PM
Executives at major corporations are being targeted in a sprawling extortion campaign—launched on or before September 29—with threat actors claiming to have stolen sensitive data from Oracle’s E-Business Suite, according to Google Threat Intelligence Group[2][4]. As of market close October 2, Oracle stock (ORCL) remained relatively stable, dipping just 0.3% to $122.45—far less than the 3% intraday drop seen Monday morning—suggesting muted panic among investors despite cybersecurity firms confirming ransom demands as high as $50 million in some cases[2]. “We have seen Cl0p demand huge seven- and eight-figure ransoms in the last few days,” confirmed Cynthia Kaiser
🔄 Updated: 10/2/2025, 4:11:10 PM
Executives at numerous companies have been targeted since late September 2025 in a high-volume extortion email campaign claiming data theft from Oracle E-Business Suite systems, allegedly linked to the Cl0p ransomware group and the financially motivated threat actor FIN11. Mandiant and Google Threat Intelligence Group (GTIG) report the attackers used hundreds of compromised third-party accounts to send emails demanding seven- to eight-figure ransoms, but investigations so far have found no concrete evidence that any Oracle environments were breached or data exfiltrated. Experts warn the campaign may represent a sophisticated bluff exploiting fear, leveraging known Cl0p contact addresses and partial data samples without verified infiltration, while organizations conduct urgent internal audits to check for possible vulnerabilities related to patched
🔄 Updated: 10/2/2025, 4:21:20 PM
Oracle Corporation’s stock (ORCL) dipped 1.7% in early trading today, October 2, 2025, after cybersecurity researchers warned of a widespread extortion campaign targeting executives at major companies, with claims of data theft from Oracle’s E-Business Suite applications[1][3]. “We are currently observing a high-volume email campaign being launched from hundreds of compromised accounts,” said Charles Carmakal, Mandiant Consulting CTO, though investigators have not yet found evidence confirming the hackers’ claims of actual data breaches[1]. While the broader tech sector remains stable, analysts note increased investor scrutiny on Oracle’s security posture, with trading volume for ORCL up 30% above its 30-day average by midday
🔄 Updated: 10/2/2025, 4:31:21 PM
Executives worldwide are being targeted in a large-scale extortion campaign involving emails claiming theft of sensitive data from Oracle’s E-Business Suite, with demands reaching up to $50 million reported by security firms. The attacks, linked to the Cl0p ransomware group or imitators, have utilized hundreds of compromised third-party accounts since late September 2025, affecting numerous major organizations across multiple countries. Google Threat Intelligence Group and cybersecurity experts emphasize ongoing investigations and urge caution, as the veracity of the breach claims remains unconfirmed amid significant international concern and scrutiny[1][2][3][4].
🔄 Updated: 10/2/2025, 4:41:13 PM
In a significant escalation, the extortion campaign claiming data theft from Oracle's E-Business Suite has now reached a scale of hundreds of compromised email accounts, with ransom demands reaching seven and eight figures, according to reports from Bloomberg and the security firm Halcyon. This campaign has industry experts concerned about the evolving tactics of groups like Cl0p, which seem to be leveraging unconfirmed breach claims to pressure major corporations. As Genevieve Stark of Google's Threat Intelligence Group notes, "Attribution in the financially motivated cybercrime space is often complex," highlighting the strategic mimicry of established groups to amplify leverage over victims[3][4].
🔄 Updated: 10/2/2025, 4:51:14 PM
Federal regulators, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA), are investigating a surge of extortion emails—sent since at least September 29—from a group claiming to be the Cl0p ransomware gang, which boasts it has stolen sensitive data from Oracle E-Business Suite applications at hundreds of major companies[1][4]. While CISA has not yet issued a specific public alert in response to this campaign, the agency’s 2023 advisory flagged Cl0p as one of the world’s largest distributors of phishing and spam, estimating the group has impacted more than 3,000 U.S. organizations[2]. Google Threat Intelligence Group head Genevieve Stark confirmed, “We do not currently have sufficient
🔄 Updated: 10/2/2025, 5:01:18 PM
Executives at numerous organizations have been targeted since late September 2025 in a high-volume extortion email campaign claiming stolen data from Oracle’s E-Business Suite, with threat actors demanding seven- and eight-figure ransoms, including one demand for $50 million[2][3][4]. The attackers, allegedly linked to the Cl0p ransomware group and using hundreds of compromised third-party accounts, have provided contact details matching those on the Cl0p leak site, though the data theft claims remain unverified amid ongoing investigations by Google Threat Intelligence and Mandiant[1][3][4]. Security experts note some involved accounts have ties to FIN11, a known financially motivated ransomware group, complicating attribution as actors mimic Cl0p
🔄 Updated: 10/2/2025, 5:11:22 PM
Global corporations are now on high alert as hackers, allegedly tied to the Cl0p ransomware group, have unleashed a high-volume extortion campaign targeting executives at “numerous” companies, claiming to have stolen sensitive data from their Oracle E-Business Suite (EBS) applications; the attack wave began on or around September 29, 2025, with emails sent from hundreds of compromised third-party accounts, some previously linked to the prolific FIN11 cybercrime gang[3][4]. While initial analysis by Google’s Threat Intelligence Group and Mandiant confirmed that at least one attacker email address matches those listed on Cl0p’s leak site, researchers emphasize they “do not currently have sufficient evidence to definitively assess the veracity of these
🔄 Updated: 10/2/2025, 5:21:23 PM
The extortion campaign targeting executives with alleged Oracle E-Business Suite data theft has so far not caused significant market disruption; Oracle's stock showed minimal immediate impact, with shares fluctuating less than 1% following the disclosures. Analysts highlight that no verified breach has been confirmed, which has likely tempered investor reaction despite the high-profile nature of the claims and the extortion demands reportedly reaching seven to eight figures[3][4]. Market watchers remain cautious, awaiting further investigation outcomes before any notable stock price movements occur.