Oracle customers sent extortion emails claiming data breach in suspected Cl0p campaign


Threat actors have been hounding Oracle customers with emails claiming to have stolen data from the tech company’s E-Business Suite. Researchers have reason to believe the notorious ransomware gang Cl0p is behind it.

An unknown number of Oracle customers have reportedly received emails from hackers claiming to have stolen data from the tech giant’s E-Business Suite, Oracle’s leading product used for financial management and other business needs.

While researchers have yet to identify the scope of the incident, specialists who spoke to Cyberscoop believe that Cl0p is behind the attack.


The extortion campaign is characterized by a high volume of emails sent from compromised accounts affiliated with the ransomware cartel.

These malicious emails contain contact information that cybersecurity researchers from Mandiant have traced back to Cl0p’s data leak site, Cyberscoop reports.

The emails reportedly targeted executives at various companies that use Oracle’s E-Business Suite and were sent from hundreds of exploited third-party accounts.

Oracle customers began receiving these malicious emails towards the end of September, on or around the 29th.

The emails contained grammatical errors and were generally described as “sloppy,” a person familiar with the attack told Bloomberg.

The hackers demanded ransom payments, with one organization receiving a ransom demand of up to $50 million, journalists reported.

In the emails, the hacker group provided victim organizations with proof of the data breach, including screenshots and file trees.

However, it’s unclear whether the hackers’ claims are credible. Cyber defense organizations, including Mandiant, Google Threat Intelligence, and Halcyon, are currently investigating the attack.


What is Cl0p?

The ransomware cartel is a prolific and notorious cybercrime organization responsible for ransomware attacks on huge companies.

Cl0p was responsible for the hacks of the MOVEit and Fortra GoAnywhere file management software.

The MOVEit exploit, which occurred in 2023, was one of the largest-ever hacking campaigns, impacting over 2,600 organizations and almost 90 million individuals.

The hackers within the group may have earned anywhere from $75 million to $100 million from the MOVEit hacks.

Cl0p also listed 63 organizations on its leak site in 2024 after exploiting critical security flaws in the Cleo file transfer platform.

The hack's victims included large companies and organizations such as Western Alliance Bank, Hertz, Chicago Public Schools, Nissin Foods (maker of Ramen Cup Noodles), and SDI Technologies (Timex, iHome).

