Cybercriminals Claim Theft of Data From Oracle E-Business Suite Customers
Briefly

"According to Google Threat Intelligence Group (GTIG) and Mandiant, the malicious activity allegedly targeting Oracle EBS appears to have started on or around September 29. The attackers have sent extortion emails to executives at 'numerous' companies, claiming to be affiliated with the notorious Cl0p cybercrime group. GTIG and Mandiant researchers have described the attacks as a high-volume email campaign leveraging hundreds of compromised accounts, including ones previously linked to a profit-driven threat group named FIN11."
"Mandiant and GTIG said they are in the early stages of their investigations and could not confirm whether the hackers' claims are substantiated. 'It is critical to note that while the tactics align with an extortion motive and the actor is explicitly claiming this connection, GTIG does not currently have sufficient evidence to definitively assess the veracity of these claims,' said Charles Carmakal, CTO of Mandiant."
Malicious activity targeting Oracle E-Business Suite began around September 29 with extortion emails sent to executives at numerous companies claiming affiliation with the Cl0p cybercrime group. The campaign used hundreds of compromised accounts in a high-volume email operation, including accounts previously linked to the financially motivated group FIN11. Contact information in the extortion messages matches addresses listed on the Cl0p leak website, providing some circumstantial linkage. Investigations remain in early stages and the claims of stolen data have not been substantiated. Attribution in financially motivated cybercrime is complex, as actors often mimic established groups to increase leverage over victims.
Read at SecurityWeek