Cl0p Strikes Again: New Extortion Scheme Targets Oracle E-Business Suite Users
Google Mandiant and Google Threat Intelligence Group are tracking a sneaky bunch possibly linked to the infamous Cl0p. They’re sending extortion emails claiming they’ve swiped sensitive data from Oracle E-Business Suite. Meanwhile, organizations are searching for signs of these digital pranksters in their systems.

Hot Take:
The digital soap opera continues as Cl0p seems to have taken a page out of the Godfather’s playbook—making offers you can’t refuse, but with a modern twist. Instead of horse heads in beds, we have extortion emails landing in executives’ inboxes, threatening to spill the beans from their Oracle E-Business Suite. And just like in any good thriller, there’s a hint of mystery with our cyber detectives still piecing together the clues. Stay tuned, because this plot is thicker than a bowl of oatmeal!

Key Points:
- Google Mandiant and GTIG are tracking new malicious activities by a possible Cl0p-linked group.
- Executives are receiving extortion emails claiming theft of data from Oracle E-Business Suite.
- The email campaign originates from compromised accounts, some linked to FIN11.
- Investigations are ongoing, with no concrete evidence of Cl0p’s direct involvement.
- Cl0p has a history of exploiting zero-day vulnerabilities in several platforms.