ShinyHunters hacked Oracle servers at over 100 organizations
What's the story
The notorious cybercrime group, ShinyHunters, has claimed responsibility for breaching Oracle's PeopleSoft servers at over 100 organizations. The victims include a number of universities. The news was first reported by BleepingComputer and later confirmed by TechCrunch through a member of the ShinyHunters group. PeopleSoft is an enterprise software used for payroll, human resources, administration, and other business functions.
Cyber tactics
Group involved in multiple high-profile data breaches
ShinyHunters has made a name for itself by exploiting vulnerabilities in widely-used software, allowing them to compromise multiple victims at once. The group specializes in mass hacks and is one of the most visible and active cybercrime groups today. They recently claimed to have exfiltrated student records including home addresses, phone numbers, emails, and dates of birth from the compromised systems.
Cyber history
Initial goal was to hack an FBI PeopleSoft server
The ShinyHunters member revealed that most of the targeted schools had already been compromised in previous, unrelated campaigns. The group's initial goal was to hack an FBI PeopleSoft server and post a statement denying their involvement in a series of swatting attempts flagged by the FBI last month. However, this attempt was unsuccessful. Oracle has yet to respond to requests for comment on the matter.