Google says hackers associated with a prolific ransomware group are sending extortion emails to executives at “quite a few” large organizations after claiming to have stolen their sensitive data from a suite of business software products developed by Oracle.
In a statement provided to TechCrunch, Google’s head of cybercrime analysis Genevieve Stark said the hackers began sending emails to executives around September 29, but that the tech giant has not yet substantiated the hackers’ claims.
The emails were sent from hundreds of compromised accounts, including one used by a known financially motivated cybercrime group affiliated with the Clop ransomware gang.
Charles Carmakal, the chief technology officer of Google’s incident response unit Mandiant, told TechCrunch that the malicious emails sent to executives contained contact addresses that are listed on Clop’s data leak site, which the hackers use to pressure victims into paying them to remove their stolen information.
Clop is a prolific hacking group that has hacked hundreds of companies in recent years, often by exploiting previously undiscovered security flaws that are unknown to the software maker, known as zero-day vulnerabilities. These flaws have allowed the hacking group to breach multiple organizations at once, allowing the theft of data on at least tens of millions of people.
Bloomberg reported that in one case the hackers demanded $50 million from an affected company, citing the counter-ransomware firm Halcyon, which is responding to the hacking campaign but did not return a request for comment from TechCrunch.
According to Bloomberg, the hackers used compromised user emails and abused the default password-reset function to gain working credentials for Oracle E-Business Suite web portals that are accessible from the internet.
Oracle E-Business Suite is a suite of products developed by tech giant Oracle to help companies manage their customer databases, employee information, and human resources files. Oracle says on its website that thousands of organizations around the world rely on its E-Business Suite to run their companies.
Oracle spokesperson Deborah Hellinger did not return a request for comment on Thursday.
Do you know more about the extortion campaign? Are you an executive who received an extortion threat? We would love to hear from you and can keep you anonymous. Securely contact this reporter via encrypted message at zackwhittaker.1337 on Signal.