- CL0P Ransomware Utilized Oracle E-Business Suite that required payment from affected organizations
- Google says attacks began in July-August before Oracle released a patch to zero-day
- Fin11 may be involved, either collaboration with CL0P or inspire the extortion campaign
The recent Oracle E-Business Suite Cyberattack may have affected dozens of organizations around the world as Google’s researchers shed more light on the current active extortion campaign.
News recently broke about several leaders across US organizations receiving E emails that seem to come from the CL0P Ransomware band. In e-mails, Miscreants said they stole sensitive files from the company’s Oracle E-Business Suite Systems and asked for payment in return for deleting the files.
The original reports suggested that the campaign may have been a bluff, but a few days later Oracle released a patch that addressed a zero-day vulnerability.
Fin11 and CL0P
Google’s threat information group (GIRL) has now published a new report that the attacks probably started in the first half of August 2025, “weeks before a patch was available”. There are also indications that some attacks also occurred in early July.
“In some cases, the threat actor successfully exiled a significant amount of data from affected organizations,” Google said.
The researchers seem to be a little confused about who is actually behind this campaign. While ransom -note clearly says CL0P is behind it – there is evidence that points to the involvement of a separate financially motivated group called Fin11.
“The pattern of utilizing a zero-day vulnerability in a widely used business application, followed by a large-scale, branded extortion campaign weeks later, is a hallmark of activity historically attributed to Fin11, which has strategic benefits that can also appeal to other threat players,” Ggig said in his report.
It can be a few things: Either CL0P is working with Fin11 on this, tactics, techniques and procedures, or it just rented its infrastructure for the campaign. There is also a possibility that Fin11’s methodology served as inspiration for the infamous Ransomware collective.
The actual number of victims is not yet known.
Follow Techradar on Google News and Add us as a preferred source To get our expert news, reviews and meaning in your feeds. Be sure to click the Follow button!
And of course you can too Follow Techradar at Tiktok For news, reviews, unboxings in video form and get regular updates from us at WhatsApp also.
