Oracle was hit by the Cl0p ransomware gang in a bizarre “catch me if you can” moment, with the group turning a vulnerability in Oracle’s own E-Business Suite (EBS) against the software company. The incident is ironic given Oracle’s warnings about similar extortion tactics and delayed patches that left thousands of customers vulnerable.
The Cl0p group posted Oracle’s information on its dark leak blog, including the company’s headquarters and street address, phone number, website, annual revenue, and industry sector. However, the post quickly disappeared after word spread about the hack, suggesting Oracle may have initiated contact with the group.
Cyber threat intel analyst Dominic Alvieri shared screenshots of the Cl0p Oracle post on X, and it appears that representatives for Oracle are trying to negotiate a ransom demand or get their company’s name off the leak site. This incident marks the latest in Cl0p’s EBS zero-day hacking campaign, which has compromised dozens of organizations since July.
The Cl0p exploit allows unauthenticated Remote Code Execution (RCE) in Oracle EBS, enabling the group to steal sensitive customer data. The first emergency patch released by Oracle failed, prompting a second critical patch and leaving customers exposed for another six days.
Source: https://cybernews.com/news/cl0p-ransomware-breaches-oracle-exploiting-oracles-own-e-business-suite-ebs-zero-day