Google alerts organizations to a high-volume worldwide extortion campaign where hackers, claiming affiliation with Cl0p, demand up to $50 million from executives, alleging theft of sensitive Oracle E-Business Suite data.
Hackers, claiming ties to the notorious Cl0p ransomware group, are sending high-volume phishing emails alleging the theft of sensitive data from Oracle’s E-Business Suite and demanding ransoms as high as $50 million.
Details of the Campaign:
The extortion emails, which began circulating on or before September 29, 2025, have been sent to executives at numerous organizations. The attackers claim to have stolen sensitive data from Oracle’s E-Business Suite, a suite of integrated business applications used by large organizations to automate and manage business processes. While Google has not yet confirmed the authenticity of these claims, the emails contain contact information that has been publicly listed on the Cl0p data leak site, suggesting a possible connection to the group.
Cybersecurity Expert Insights:
Cybersecurity firm Halcyon has reported that the attackers are demanding ransoms of up to $50 million, providing proof of compromise, including screenshots and file trees, to substantiate their claims. The emails exhibit characteristics typical of Cl0p operations, such as poor grammar and formatting errors.
Potential Implications:
If the claims are verified, the breach could have significant implications for organizations using Oracle’s E-Business Suite, potentially exposing sensitive financial, supply chain, and customer relationship management data. The high ransom demands underscore the growing threat of cyber extortion targeting corporate executives.
Recommendations for Organizations:
Organizations are advised to remain vigilant and take proactive measures to protect against such threats. This includes verifying the authenticity of any unsolicited communications, implementing robust cybersecurity protocols, and educating executives and staff about phishing and extortion tactics.
Conclusion:
The ongoing extortion campaign highlights the increasing sophistication and audacity of cybercriminals targeting high-level executives. Organizations must stay informed and prepared to defend against such threats to safeguard their sensitive data and maintain operational integrity.