Oracle Corporation has officially acknowledged that cybercriminals are targeting customers of its E-Business Suite (EBS) platform through sophisticated extortion campaigns<\/a>.\u00a0<\/p>\n The company\u2019s Chief Security Officer, Rob Duhart, confirmed that hackers have been exploiting previously identified vulnerabilities that were addressed in Oracle\u2019s July 2025 Critical Patch Update (CPU).\u00a0<\/p>\n This latest security incident underscores the persistent threat landscape facing enterprise applications and highlights the critical importance of timely security patch deployment.<\/p>\n Bloomberg stated that<\/a> the cybercriminal group, claiming affiliation with the notorious Cl0p ransomware<\/a> organization, has been conducting a highly coordinated attack campaign against Oracle E-Business Suite installations.\u00a0<\/p>\n According to cybersecurity firm Halcyon, the threat actors have demonstrated sophisticated tactics, techniques, and procedures (TTPs) by compromising user email accounts and exploiting default password-reset functions to obtain valid credentials for internet-facing Oracle EBS portals.<\/p>\n The attackers have provided victims with proof of compromise, including detailed screenshots and file tree structures demonstrating unauthorized access to sensitive corporate data.\u00a0<\/p>\n In at least one documented case, the extortion demands reached as high as $50 million, representing one of the largest ransom demands observed in recent cybercriminal campaigns.\u00a0<\/p>\n The threat actors began distributing extortion emails on or before September 29, 2025, using hundreds of compromised third-party email accounts to evade detection mechanisms.<\/p>\n Oracle\u2019s E-Business Suite, which manages critical enterprise functions including financial management, supply chain operations<\/a>, and customer relationship management (CRM), has become an attractive target due to its extensive deployment across large organizations.\u00a0<\/p>\n The vulnerability exploitation appears to leverage previously identified security flaws that were patched in Oracle\u2019s July 2025 Critical Patch<\/a> Update, specifically addressing CVE identifiers related to authentication bypass and privilege escalation attacks.<\/p>\n Genevieve Stark, head of cybercrime at Google Threat Intelligence Group, confirmed that the extortion emails contain contact details matching those listed on Cl0p\u2019s official dark web infrastructure.\u00a0<\/p>\n The threat group\u2019s modus operandi includes characteristic grammatical errors and linguistic patterns consistent with previous Cl0p operations, including their infamous 2023 MOVEit campaign<\/a> that compromised over 3,000 organizations in the United States and 8,000 globally.<\/p>\n Oracle has reiterated its strong recommendation for the immediate deployment of the latest Critical Patch Updates, emphasizing that organizations maintaining current security patch levels significantly reduce their attack surface.\u00a0<\/p>\n The company\u2019s security advisory<\/a> specifically references the July 2025 CPU, which addressed multiple high-severity vulnerabilities with CVSS scores ranging from 7.5 to 9.8, including remote code execution (RCE) and SQL injection<\/a> attack vectors.\u00a0<\/p>\n Organizations experiencing similar extortion attempts are advised to contact Oracle Support immediately while implementing incident response procedures, including network segmentation and the preservation of forensic data.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Oracle Confirms that Hackers Targeting E-Business Suite Data With Extortion Emails<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEil7nHxfNfNv9nUB89YIPtBDga6-eOEUiXgEf48SfstHhdLvH9fWDsA0gBY24QcWtMQgQRyWsBbmPHHWGiArrFmAiLnIzdtlbuTKwXC2FRdPtethgnCes35VfLmvcpSpMg0RICeJESlhnws-h8Fz-KvXDCa2NKQxI7yNos7lycw_RpwGpjVUn_7T8nfZvZZ\/w640-h374\/Oracle%2520Security%2520Update.png?ssl=1\")
<\/figure>\n<\/div>\n\nOracle E-Business Suite<\/strong> Customers Targeted<\/strong>
\n<\/h2>\n