Security firms Mandiant and Google are investigating a new extortion campaign targeting top executives at multiple companies, with emails claiming sensitive data was stolen from their Oracle E-Business Suite systems.
BleepingComputer reports that a new extortion campaign has emerged, targeting top executives at various organizations with claims that sensitive data has been stolen from their Oracle E-Business Suite systems. The campaign, which began in late September, is being tracked by security firms Mandiant and Google’s GTIG (Google Threat Intelligence Group).
According to Genevieve Stark, Head of Cybercrime and Information Operations Intelligence Analysis at GTIG, the investigations are still in the early stages, and the claims made by the group behind the campaign have not yet been substantiated. Charles Carmakal, CTO of Mandiant – Google Cloud, stated that the extortion emails are being sent from hundreds of compromised email accounts, with at least one account previously associated with activity from FIN11, a financially motivated threat group known for deploying ransomware and engaging in extortion.
The emails contain contact addresses known to be listed on the Clop ransomware gang’s data leak site, suggesting a potential link to the extortion group. However, Carmakal emphasized that while the tactics resemble Clop’s previous campaigns, there is insufficient evidence to determine if data has actually been stolen.
After BleepingComputer reported on this extortion campaign, alleged representatives of Clop reached out to the outlet:
After publishing this story, Clop claimed to BleepingComputer that they are involved in the extortion email, indicating a bug in Oracle’s product was exploited in the attacks. However, the threat actors would not share more detailed information about the alleged attacks.
“We not prepared to discuss details at this time,” Clop told BleepingComputer.
“Soon all will become obvious that Oracle bugged up their core product and once again, the task is on clop to save the day. We do not damage to systems and only expect payment for services we provide to protect hundreds of biggest companies in world.”
The U.S. State Department is currently offering a $10 million reward through its Rewards for Justice program for information linking Clop’s ransomware activities to a foreign government.
Read more at BleepingComputer.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.