Google says 100+ companies likely affected in Oracle-linked data breach
What's the story
Google has revealed that an extensive hacking campaign targeting Oracle's suite of business products has likely impacted over 100 companies. The attack, which may have started as early as three months ago, resulted in the theft of "mass amounts of customer data," according to a statement from the tech giant. The scale and sophistication of this operation suggest that significant resources were invested in pre-attack research by the threat actor(s) responsible for it.
Attack details
CL0P group behind the attack
The hacking campaign was carried out by a group known as CL0P, which has a history of compromising third-party software or service providers. Google analyst Austin Larsen told Reuters, "We are aware of dozens of victims, but we expect there are many more. Based on the scale of previous CL0P campaigns, it is likely there are over a hundred."
Targeted software
Attack targeted Oracle's E-Business Suite
The hackers specifically targeted Oracle's E-Business Suite of applications, which are used by clients to manage various business processes such as customer and supplier management, manufacturing, and logistics. Despite the scale of the attack and its potential implications for many businesses, Oracle has yet to comment on the matter. The company had previously confirmed that there was extortion activity aimed at its clients.