Clop extortion campaign targets Oracle E-Business Suite
Summary
Hide ▲
Show ▼
Executives at multiple companies received extortion emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems. The campaign began in late September 2025 and is linked to the Clop ransomware gang. The emails were sent from compromised accounts, some previously associated with the FIN11 threat group. The emails contain contact addresses known to be listed on the Clop ransomware gang's data leak site. The extortion emails claim that sensitive data was stolen from Oracle E-Business Suite systems. The emails were sent from compromised accounts, some previously associated with the FIN11 threat group. The emails contain contact addresses known to be listed on the Clop ransomware gang's data leak site. Mandiant and GTIG are investigating the claims and recommend that organizations receiving these emails investigate their environments for unusual access or compromise in their Oracle E-Business Suite platforms.
Timeline
-
02.10.2025 06:13 1 articles · 2h ago
Clop extortion emails claim theft of Oracle E-Business Suite data
Executives at multiple companies received extortion emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems. The campaign began in late September 2025 and is linked to the Clop ransomware gang. The emails were sent from compromised accounts, some previously associated with the FIN11 threat group. The emails contain contact addresses known to be listed on the Clop ransomware gang's data leak site.
Show sources
- Clop extortion emails claim theft of Oracle E-Business Suite data — www.bleepingcomputer.com — 02.10.2025 06:13
Information Snippets
-
The extortion campaign began in late September 2025.
First reported: 02.10.2025 06:131 source, 1 articleShow sources
- Clop extortion emails claim theft of Oracle E-Business Suite data — www.bleepingcomputer.com — 02.10.2025 06:13
-
The emails were sent from a large number of compromised email accounts.
First reported: 02.10.2025 06:131 source, 1 articleShow sources
- Clop extortion emails claim theft of Oracle E-Business Suite data — www.bleepingcomputer.com — 02.10.2025 06:13
-
At least one compromised account has been previously associated with the FIN11 threat group.
First reported: 02.10.2025 06:131 source, 1 articleShow sources
- Clop extortion emails claim theft of Oracle E-Business Suite data — www.bleepingcomputer.com — 02.10.2025 06:13
-
The emails contain contact addresses known to be listed on the Clop ransomware gang's data leak site.
First reported: 02.10.2025 06:131 source, 1 articleShow sources
- Clop extortion emails claim theft of Oracle E-Business Suite data — www.bleepingcomputer.com — 02.10.2025 06:13
-
The Clop ransomware gang is known for exploiting zero-day vulnerabilities in secure file transfer platforms to steal data.
First reported: 02.10.2025 06:131 source, 1 articleShow sources
- Clop extortion emails claim theft of Oracle E-Business Suite data — www.bleepingcomputer.com — 02.10.2025 06:13
-
The most recent campaign associated with Clop was in October 2024, exploiting two Cleo file transfer zero-days.
First reported: 02.10.2025 06:131 source, 1 articleShow sources
- Clop extortion emails claim theft of Oracle E-Business Suite data — www.bleepingcomputer.com — 02.10.2025 06:13