Washington Post is latest victim of Oracle-hacking Cl0p gang

The Washington Post on Thursday said it is the latest victim of the Cl0p ransomware group and its ongoing Oracle attack spree, which has impacted hundreds of organizations and counting.
- Bezos-owned Washington Post falls victim to Cl0p ransomware, prominently displayed on the gang's dark web leak site.
- The Post said Cl0p gained access to systems via its Oracle E-Business Suite, part of a widespread campaign that has already claimed hundreds of organizations.
- The US daily newspaper now faces Cl0p's trademark ultimatum: pay up or your stolen data will be published.
In an official statement, the Washington, D.C.-based newspaper confirmed it has joined the long list of victims exploited "by the breach of the Oracle E-Business Suite platform."
Owned by Amazon founder Jeff Bezos, the Washington Post appeared this week at the top of the Cl0p ransomware gang’s dark web leak site, most likely due to name recognition.
Cl0p then called out the daily paper in a separate section using a bright yellow font, along with three other victim companies.
“WASHINGTONPOST.COM - PAGE CREATED, WARNING,” it said.
The move is one of the gang’s latest tactics, attempting to convince victims to pay up or else expect their stolen data to be published on the site (via a magnet link that can only be downloaded using a BitTorrent client).
WaPo caught up in EBS zero-day
The Oracle E-Business Suite (EBS) of applications – used by thousands of companies and organizations worldwide – allows clients to manage customers, suppliers, manufacturing, logistics, and other business processes.
The Post has not yet revealed how much data the Russian-speaking ransomware operators may have pilfered, or which systems may have been breached.
Known for its previous mass hacking sprees, Cl0p successfully exploited a critical zero-day vulnerability in the EBS software over the summer. Many organizations only discovered they had been breached in August, some after receiving a ransom note from the gang via email.
And by then it was already too late. The initial Cl0p exploit, first reported by Oracle on October 2nd, had been tracked by Google researchers as far back as July.
Furthermore, Oracle's first emergency patch, released just days after the initial announcement, had failed, prompting a second critical patch on October 11th, leaving clients vulnerable for days.
Big-name victims of the widespread Oracle hacking campaign, some whose data has already been published on the Cl0p site, have included Harvard University, American Airlines' largest regional carrier Envoy Air, DXC Technology, and Chicago Public Schools, the fourth-largest district in the United States.
Cl0p's past campaigns – exploiting the MOVEit, Fortra GoAnywhere, and Cleo file transfer programs – have compromised thousands of major organizations over the years, often taunting its victims and raking in hundreds of millions of dollars.
The MOVEit exploit, which occurred in 2023, was one of the most extensive hacking campaigns ever, affecting over 2,600 organizations and nearly 90 million individuals.
The group is believed to be of Russian origin and has been active since at least 2019.