Oracle E-Business Suite Under Siege: FIN11 and Cl0p’s Comedic Malware Misadventure!
In a plot twist worthy of a cyber-thriller, Google’s Threat Intelligence Group and Mandiant are hot on the heels of Oracle E-Business Suite extortionists. The hackers, possibly linked to FIN11, used sophisticated malware like GoldVein and SageWave. Meanwhile, victims await their fate on the Cl0p leak website.

Hot Take:
Oracle’s E-Business Suite, more like “E-Business Sleuth” because everyone and their malware is on the case! Hackers seem to be treating Oracle’s vulnerabilities like an all-you-can-breach buffet. I guess the lesson here is if you don’t patch your software, prepare to be matched with a cybercriminal on a mission. Time to get those patches on, folks, because these hackers are not going to wait for an RSVP!
Key Points:
- Google Threat Intelligence Group (GTIG) and Mandiant have unearthed malware in the Oracle EBS extortion campaign.
- Exploitation of vulnerabilities started as early as July, prior to Oracle’s patch release.
- Malware identified includes a sophisticated, multi-stage, fileless chain whose components are dubbed GoldVein, SageGift, SageLeaf, and SageWave.
- Cybercriminal groups like ShinyHunters, Scattered LAPSUS$, and FIN11 are involved, with links to Cl0p ransomware.
- Data theft from numerous organizations has been confirmed, with extortion messages threatening to name victims.