Recent cyberattacks exploiting Oracle E-Business Suite have impacted dozens of organizations worldwide, according to Google’s Threat Intelligence Group (GTIG). The Cl0p ransomware group launched an extortion campaign, emailing executives to threaten disclosure of files allegedly stolen from their Oracle EBS systems, demanding payment to prevent leaks.
The attacks reportedly started in July and ramped up in August 2025, with hackers exploiting a zero-day vulnerability weeks before Oracle released a patch. In several cases, threat actors successfully exfiltrated large amounts of sensitive data from targeted companies.
While the ransom notes claimed Cl0p’s responsibility, Google researchers suggest the campaign involved either collaboration with or tactical inspiration from FIN11, another financially motivated cybercrime group. Cl0p may have used FIN11’s strategies or even partnered with them, as both groups are known for exploiting zero-days in enterprise platforms and following up with large-scale extortion.
The full scale of the breach is still uncertain, with organizations across various sectors potentially affected. Oracle has since issued a patch for the exploited flaw, and companies are urged to update and review their security postures promptly.