Oracle E-Business Suite Hack Hits 30 Companies as Cl0p Ransomware Expands Global Cyber Attacks
Cl0p ransomware group targets nearly 30 global organizations using Oracle E-Business Suite vulnerabilities, leading to major data breaches. Cybersecurity experts link attacks to FIN11, urging stronger enterprise security, timely Oracle updates, and zero-day protection.
A major cybersecurity incident has recently surfaced, in which hackers allegedly targeted nearly 30 organizations running Oracle's E-Business Suite (EBS) enterprise software. The campaign, which became visible in late September, involved sending extortion emails to senior executives at several businesses. According to cybersecurity specialists, this large-scale attack is attributed to FIN11, a financially motivated hacking group, with the Cl0p ransomware brand serving as the campaign's public face.
Cl0p, previously known for its mass-exploitation campaigns against the MOVEit, Cleo, and Fortra GoAnywhere file transfer products, has now expanded its target list to Oracle ERP users. Cl0p published the names of 29 allegedly affected organizations on its leak site, including prominent institutions such as Harvard University, Wits University in South Africa, and Envoy Air, an American Airlines subsidiary. These organizations confirmed the data breaches shortly after the listings appeared online.
The affected companies come from a variety of industries, including technology, automotive, energy, financial services, construction, mining, manufacturing, and professional services. Experts believe that many organizations are still examining the scope of the hack, while others might choose to stay silent to avoid public exposure.
Cl0p has previously leaked significant amounts of data, ranging from hundreds of gigabytes to several terabytes, taken from at least 18 identified victims. Analysts caution that, while certain specifics may be overblown, the threat remains serious, considering Cl0p's history of targeting high-profile businesses.
Security analysts believe the hackers exploited two Oracle EBS vulnerabilities: CVE-2025-61882 and CVE-2025-61884. Both are remotely exploitable over the network without authentication, meaning no username or password is required. CVE-2025-61882 allows unauthenticated remote code execution on the EBS application tier, while CVE-2025-61884 allows unauthenticated access to sensitive resources, giving attackers a direct path to corporate data. Notably, exploitation of CVE-2025-61882 appears to have begun roughly two months before Oracle issued its Security Alert and patches, making it a zero-day at the time of the attacks.
This incident emphasizes the growing threats to enterprise systems and the need for organizations to deploy timely updates, enhanced security monitoring, and data backup protocols. For EBS customers specifically, that means applying Oracle's October 2025 Security Alert patches for CVE-2025-61882 and CVE-2025-61884 (Oracle notes that the fix requires the October 2023 Critical Patch Update to be in place first) and limiting direct internet exposure of the EBS application tier. Because exploitation predated the patch by two months, patching alone is not enough: organizations with internet-facing EBS instances should also review web server and application logs from that window for signs of unauthenticated access and unexpected outbound connections, and treat a confirmed intrusion as a data theft case rather than a ransomware encryption case, since Cl0p's model is extortion over stolen data. Companies should also emphasize frequent vulnerability assessments and employee awareness training to reduce potential entry points for attackers. Increased coordination between cybersecurity teams and technology providers can aid in the early detection and mitigation of emerging threats.
Information referenced in this article is from SecurityWeek.