Google: cl0p-linked hackers are sending extortion emails to top executives
Cl0p group started sending extortion emails on or before September 29

Oct 02, 2025
12:23 pm

What's the story

Executives at major corporations are being targeted by a notorious ransomware group, which claims to have breached their data through Oracle Corp.'s widely-used E-Business Suite applications. The information was revealed by Genevieve Stark, Google's Threat Intelligence Group head of cybercrime, and three other sources. The group, which identifies itself as part of a criminal organization called Cl0p, started sending extortion emails around September 29.

Email tactics

Emails sent from hacked third-party accounts

The extortion emails were sent from hundreds of hacked third-party accounts, Stark said. They allege data theft and are written in poor English with faulty grammar, which is typical for this group. At least one email address used in these messages has been linked to a Cl0p affiliate before. The contact information mentioned in the emails also matches that on Cl0p's own website, Stark added.

Application vulnerability

Oracle's E-Business Suite apps under threat

Oracle's E-Business Suite apps are critical for running core business operations such as financial management, supply chain coordination, and customer relationship management. The fact that these applications are now being targeted by a ransomware group raises serious concerns about their security. Despite the allegations made in the extortion emails, Google has yet to find enough evidence to confirm or deny them.

Past attacks

Cl0p previously exploited vulnerabilities in MOVEit

Cl0p is notorious for targeting large corporations with advanced malware to lock their files and demand ransom for their deletion. In 2023, the group was accused of exploiting vulnerabilities in MOVEit, a file-transfer product used by companies to share sensitive data. It claimed to have stolen data from hundreds of organizations during that attack. Among the victims were Shell Plc, British Airways, and the British Broadcasting Corp (BBC).

Cyber alert

US Cybersecurity and Infrastructure Security Agency warned about Cl0p

In June 2023, the US Cybersecurity and Infrastructure Security Agency issued a warning about Cl0p. The agency described it as "one of the largest phishing and malspam distributors worldwide," estimating that it had compromised over 3,000 organizations in the US and 8,000 globally. This highlights the scale of Cl0p's operations and its potential threat to businesses worldwide.