© 2025 NEWSLINKER - Powered by LK SOFTWARE

Clop Targets Oracle E-Business Suite in Coordinated Ransomware Attacks

Highlights

  • Clop exploited Oracle E-Business Suite, using multiple vulnerabilities for data theft.

  • Early attacks preceded ransom demands by several weeks, complicating detection efforts.

  • Patching and increased vigilance are crucial to protect enterprise systems from similar threats.

Samantha Reed
Last updated: 9 October, 2025 - 7:20 pm

A series of attacks attributed to the Clop ransomware group has prompted fresh concerns across enterprises relying on Oracle E-Business Suite. What initially appeared to be isolated incidents has evolved into a complex campaign exploiting several vulnerabilities, some previously unknown, to steal confidential data from high-profile victims. The targeting, which began months before extortion demands surfaced, highlights how cybercriminals coordinate efforts to access sensitive information even before their activities come to light. Organizations now seek clarity on the vulnerabilities involved, reassessment of their patching strategies, and insight into ongoing investigations, underscoring the sustained threat posed by sophisticated attacker groups.

Contents

  • How Did Clop Exploit Oracle E-Business Suite?
  • What Have Oracle and the Security Community Done in Response?
  • Are Other Threat Groups Involved?

Clop has previously leveraged high-impact zero-day vulnerabilities in other widely adopted platforms, but their latest activity demonstrates increasingly complex exploit chains. The use of Oracle E-Business Suite as the latest attack vector marks a shift, with attackers utilizing at least five separate defects to achieve remote code execution. Recent findings add new context to Clop’s approach compared to earlier attacks on file-transfer platforms like MOVEit, suggesting a diversification in their methods. Security teams now face additional pressure to rapidly deploy fixes and detect sophisticated, multi-stage attack sequences, which often evade conventional defenses.

How Did Clop Exploit Oracle E-Business Suite?

The attacks exploited a critical zero-day vulnerability designated CVE-2025-61882, among others, allowing Clop to execute code remotely on affected servers. According to researchers at Google Threat Intelligence Group (GTIG) and Mandiant, suspicious activity linked to the attack started as early as August 9, with dozens of organizations potentially compromised. The coordinated nature of these attacks enabled the threat actors to exfiltrate data before making extortion attempts.

“We’re still assessing the scope of this incident, but we believe it affected dozens of organizations,”

John Hultquist, chief analyst at GTIG, said.

What Have Oracle and the Security Community Done in Response?

Oracle responded by releasing a patch for the major zero-day, aiming to block further exploitation following their July security update. Security firms have reproduced the full attack chain, confirming that patching with Oracle’s October 4 update is essential to mitigate known routes used in the exploits. Despite these updates, reports from Shadowserver indicate over 570 Oracle E-Business Suite instances remain exposed. Researchers continue to identify possible attempts at exploitation even before official patches, raising concerns about the persistence of this threat. Oracle commented on remedial measures, stating,

“Customers updated through the patch released on Oct. 4 are likely no longer vulnerable to known exploitation chains.”

Are Other Threat Groups Involved?

While most evidence ties the activities to Clop, analysis indicates possible overlap with artifacts from other groups, such as those found in a Telegram channel connected to Scattered LAPSUS$ Hunters. So far, Google does not assess direct involvement from threat actors like UNC6240. The stealthy techniques and fileless malware leveraged in these attacks complicate attribution and detection efforts. Multiple unsubstantiated claims by other cybercriminal groups further add to the uncertainty regarding who is ultimately responsible for specific incidents.

Clop’s previous operations, involving mass exploitation of platforms such as MOVEit, set the stage for its large-scale extortion campaigns. With ransom demands reportedly reaching up to $50 million, as noted by cybersecurity firm Halcyon, the financial motivation remains significant. The wide geographic distribution of vulnerable Oracle E-Business Suite instances, predominantly in the United States, suggests a broad attack surface. Security researchers advise urgent patching and recommend monitoring for signs of compromise across all enterprise systems relying on Oracle software.

Organizations dealing with Oracle E-Business Suite must now scrutinize their environments for signs of exploitation and apply the latest patches provided by Oracle to reduce risk. Reviewing incident response strategies, investing in multi-layered detection capabilities, and keeping abreast of new threat intelligence will help reduce exposure to increasingly sophisticated ransomware campaigns. Collaboration within the cybersecurity community and timely vendor communication remain vital, especially as attackers adopt more intricate methods for breaching enterprise infrastructure. Running regular vulnerability scans and maintaining close contact with vendors like Oracle can serve as key preventative measures. As ransomware groups like Clop diversify their targets and tactics, companies are encouraged to prioritize proactive security and transparency when an incident occurs.
