Google says hackers related to a prolific ransomware group are sending extortion emails to executives at “quite a few” massive organizations after claiming to have stolen their delicate data from a set of enterprise software program merchandise developed by Oracle.
In an announcement supplied to information.killnetswitch, Google’s head of cybercrime evaluation Genevieve Stark stated the hackers started sending emails to executives round September 29, however that the tech large has not but substantiated the hackers’ claims.
The emails had been despatched from lots of of compromised accounts, together with one utilized by a identified financially motivated cybercrime group affiliated with the Clop ransomware gang.
Charles Carmakal, the chief expertise officer of Google’s incident response unit Mandiant, instructed information.killnetswitch that the malicious emails despatched to executives contained contact addresses which might be listed on Clop’s information leak web site, which the hackers use to stress victims into paying them to take away their stolen recordsdata.
Clop is a prolific hacking group that has hacked lots of of corporations lately, usually by exploiting beforehand undiscovered security flaws which might be unknown to the software program maker, often known as zero-day vulnerabilities. These flaws have allowed the hacking group to breach a number of organizations without delay, permitting the theft of knowledge on no less than tens of hundreds of thousands of individuals.
Bloomberg reported that in a single case the hackers demanded $50 million from an affected firm, citing the counter-ransomware agency Halcyon, which is responding to the hacking marketing campaign however didn’t return a request for remark from information.killnetswitch.
In response to Bloomberg, the hackers used compromised consumer emails and abused the default password-reset operate to realize working credentials for Oracle E-Enterprise Suite web-portals which might be accessible from the web.
Oracle E-Enterprise Suite is a set of merchandise developed by tech large Oracle to assist corporations handle their buyer databases, worker data, and human assets recordsdata. Oracle says on its web site that 1000’s of organizations world wide depend on its E-Enterprise Suite to run their corporations.
Oracle spokesperson Deborah Hellinger didn’t return a request for touch upon Thursday.
Have you learnt extra concerning the extortion marketing campaign? Are you an govt who obtained an extortion menace? We might love to listen to from you and may maintain you nameless. Securely contact this reporter through encrypted message at zackwhittaker.1337 on Sign.
