Google announced that hackers targeted executives and blackmailed them through Oracle. According to a Google report, blackmail emails were sent to numerous organizations across various sectors. The messages allege that critical data was leaked through Oracle’s E-Business Suite platform, but Oracle has yet to officially comment on the matter.
Million-Dollar Blackmail
Google reported that an organized blackmail campaign targeting senior executives of large-scale organizations across various sectors has been ongoing since September 29th. According to the company’s statement, the attackers claimed to have obtained financial and operational data from corporate systems and threatened to use this information.
Cybersecurity firm Halcyon revealed that the ransom demands in some emails reached tens of millions of dollars. The emails often used phrases such as “last warning before I leak your data,” aiming to prompt panicked individuals to react quickly.
Investigations by Google’s security unit indicate that the campaign may be driven by the hacker group FIN11. The group, previously known for attacks focused on financial gain, is known for its links to the Clop ransomware.
Google Cloud’s security division, Mandiant, has identified some of the email addresses used in the attacks as listed on the Clop data leak site. However, Google has emphasized that there is currently no definitive evidence that the attackers actually exfiltrated Oracle systems.
Google’s Threat Intelligence Group (TAG) stated that they have not yet determined the type or source of the malware used in the attacks. Authorities say the strongest indicator of the campaign is currently the blackmail email traffic.
Oracle’s E-Business Suite software has a wide range of uses, from financial transactions and human resources management to supply chain and project planning. Therefore, a potential security breach could have major corporate consequences on a global scale.
Google emphasized that organizations receiving blackmail emails should immediately review their systems and conduct a comprehensive security audit of user accounts. It also warned that such attacks are not limited to Oracle infrastructure and that similar methods could be attempted on other enterprise platforms.
{{user}} {{datetime}}
{{text}}