According to Google, hackers associated with the prolific ransomware group are sending horror emails to executives from “many” large organizations after claiming they had stolen sensitive information from a set of business software products developed by Oracle.
In a statement provided to TechCrunch, the head of Google's cybercrime analysis Genevieve Stark said that hackers began sending emails to executives around September 29th, but the Tech giant has yet to demonstrate the hackers' claims.
The emails were sent from hundreds of compromised accounts, including those used by known financially motivated cybercriminal groups belonging to the CLOP ransomware gang.
Charles Carmakal, chief technology officer of Google's incident response unit Mandiant, said malicious emails sent to executives are listed in Clop's data leak site, which hackers use to pressure victims to delete stolen files.
Clop is a prolific hacking group that has hacked hundreds of companies in recent years, leveraging previously undiscovered security flaws that were often unknown to software manufacturers known as zero-day vulnerabilities. These flaws allowed hacking groups to violate multiple organizations at once, allowing theft of at least tens of millions of data.
Bloomberg reported that hackers have requested $50 million from affected companies, citing hackerware company Halcyon, which in one case responds to a hacking campaign but does not return requests for comment from TechCrunch.
According to Bloomberg, hackers have used compromised user mail and abused the default password squeeze feature to obtain work qualifications for the Oracle E-Business Suite web portal, accessible via the internet.
Oracle E-Business Suite is a set of products developed by Tech Giant Oracle that helps businesses manage customer databases, employee information, and HR files. On its website, Oracle says that thousands of organizations around the world rely on e-business suites to run their businesses.
Oracle spokesman Deborah Hellinger did not reply to a request for comment Thursday.
Do you know more about the Horror Campaign? Are you an executive who has been threatened by a terror? We want to hear from you and can keep you anonymous. Please contact this reporter securely via a message encrypted with Zackwhittaker.1337.