Close Menu
Cybercrime and Ransomware

Oracle Links Clop Extortion Attacks to July 2025 Vulnerabilities

Staff WriterBy No Comments4 Mins Read0 Views

Quick Takeaways

  1. Oracle links an extortion campaign by the Clop ransomware gang to vulnerabilities in its E-Business Suite patched in July 2025, although official attribution is pending.
  2. Customers received extortion emails claiming data was stolen from Oracle EBS systems, with the attackers referencing a bug in an Oracle product and demanding ransom.
  3. Oracle advised clients to update their software following the discovery of nine security flaws, including three that could be exploited remotely without user credentials.
  4. Clop has a history of targeting zero-day vulnerabilities in big software platforms, with the US State Department offering a $10 million reward for links between Clop attacks and foreign governments.

The Issue

The Clop ransomware gang has initiated an extortion campaign targeting Oracle E-Business Suite (EBS) customers, leveraging vulnerabilities that were addressed in the July 2025 Critical Patch Update. Although Oracle has not officially confirmed that these breaches are directly linked to the patched flaws, the company’s Chief Security Officer, Rob Duhart, acknowledged that some customers have received ransom emails from Clop, warning that their sensitive data has been stolen. The attackers began sending these emails around September 29, 2025, claiming to have breached Oracle’s systems, copied private files, and threatening to leak the data unless they are paid. Multiple cybersecurity groups, including Mandiant and Google’s Threat Intelligence Group (GTIG), are investigating whether data has been exfiltrated, but evidence remains inconclusive. Clop has a notorious history of exploiting zero-day vulnerabilities in various software platforms, and their recent threats point to a flaw in Oracle’s product as the underlying cause of their attacks. The incident underscores the persistent threat posed by organized cybercrime groups and highlights the importance for Oracle customers to promptly update their systems and remain vigilant against extortion schemes.

Risks Involved

The Clop ransomware gang has launched an extortion campaign targeting Oracle E-Business Suite (EBS) users, exploiting vulnerabilities that were patched in the July 2025 Critical Patch Update, including three that allow remote unauthenticated access. While Oracle has not officially linked these attacks directly to the gang, the company confirms that some customers have received extortion emails claiming data breaches and stolen information, with threat actors threatening to leak sensitive corporate data unless paid. Multiple security firms, including Mandiant and Google Threat Intelligence Group, report ongoing investigations into the attacks, which reportedly began around late September 2025. Clop’s claims stem from previous campaigns involving zero-day vulnerabilities in software like MoveIt Transfer and Accellion FTA, resulting in extensive data breaches affecting thousands of organizations worldwide. The U.S. government has placed a $10 million bounty for information connecting Clop’s operations to foreign governments, underscoring the significant threat cybersecurity risks pose to enterprise data integrity, operational resilience, and overall digital trust.

Possible Remediation Steps

Promptly addressing the Oracle links Clop extortion attacks connected to July 2025 vulnerabilities is critical to safeguarding sensitive data and maintaining organizational resilience against cyber threats. Delays in remediation can lead to increased exploitation risk, potential data breaches, and significant financial and reputational damage.

Mitigation Strategies

  • Patch Deployment: Implement all relevant security patches related to the July 2025 vulnerabilities immediately to close known entry points.
  • Vulnerability Assessment: Conduct comprehensive scans to identify systems impacted by the vulnerabilities, prioritizing those with high-risk configurations.
  • Access Controls: Tighten user permissions and enforce strict access policies to limit potential attack surfaces.
  • Backup and Recovery: Ensure reliable data backups are in place and develop robust recovery plans in case of an attack or breach.
  • Threat Monitoring: Deploy advanced intrusion detection systems and continuously monitor network activity for signs of compromise.
  • User Awareness: Educate staff about phishing and social engineering tactics that may be used in conjunction with extortion schemes.
  • Incident Response Planning: Prepare and regularly update an incident response plan specifically tailored to ransomware and extortion threats.
  • Vendor Collaboration: Work with Oracle and security vendors to stay informed about emerging threats and recommended protective measures.
  • Legal and Compliance Review: Consult legal experts to understand compliance obligations and prepare necessary disclosures if an incident occurs.

Stay Ahead in Cybersecurity

Stay informed on the latest Threat Intelligence and Cyberattacks.

Access world-class cyber research and guidance from IEEE.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.