
Google says a large volume of customer data was compromised and is being used in an extortion attempt.

crypthub
Extortion Campaign Targeting Oracle EBS

Google and Mandiant have uncovered a large-scale extortion campaign exploiting vulnerabilities in Oracle’s E-Business Suite (EBS). Attackers have stolen significant volumes of customer data and are threatening to publish it unless a ransom is paid. The operation began in late September 2025 and involved emails, sent from compromised third-party accounts, that referenced data breaches.

Exploitation and Technical Details

The attackers exploited a zero-day vulnerability, now tracked as CVE-2025-61882, using complex Java implants and chains. These included components like UiServlet and SyncServlet for remote code execution and the installation of malware such as GOLDVEIN.JAVA and the SAGE chain. Attackers explored systems using the “applmgr” account to gather information and install malicious files.

Attribution and Recommendations

The campaign shows similarities to the FIN11 cybercrime group and the CL0P extortion brand, known for previous attacks targeting systems like MOVEit. Oracle has issued emergency updates to address vulnerabilities, urging customers to apply the latest patches. Google advises monitoring specific database tables and endpoints, blocking external traffic, and analyzing memory dumps for malicious Java payloads.
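
One way to act on the endpoint-monitoring and external-traffic advice above, as an added example that is not code from Google, Mandiant or Oracle: it scans web access logs for requests to the UiServlet and SyncServlet components that come from outside the internal network. The log format (common/combined), the internal address ranges, the `/app/` paths and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Servlet names come from the article; matching on the name alone is an
# assumption, because the article gives no full URL paths.
WATCHED = ("UiServlet", "SyncServlet")
# Assumed internal ranges; replace with the ranges your EBS tier really uses.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Common/combined log prefix: client, timestamp, method, path, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def is_external(ip):
    """True for a valid address outside every INTERNAL network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL)

def find_external_servlet_hits(lines):
    """Group requests to watched servlets by external client address."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected log format
        path = m["path"].split("?", 1)[0].lower()  # ignore the query string
        servlet = next((s for s in WATCHED
                        if path.endswith("/" + s.lower())), None)
        if servlet and is_external(m["ip"]):
            hits[m["ip"]].append(
                (m["ts"], m["method"], servlet, int(m["status"])))
    return dict(hits)

# Constructed sample lines: addresses, paths and times are made up.
SAMPLE = [
    '203.0.113.9 - - [29/Sep/2025:10:01:02 +0000] "POST /app/UiServlet HTTP/1.1" 200 512',
    '10.1.2.3 - - [29/Sep/2025:10:02:00 +0000] "GET /app/SyncServlet HTTP/1.1" 200 100',
    '203.0.113.9 - - [29/Sep/2025:10:03:11 +0000] "POST /app/SyncServlet?x=1 HTTP/1.1" 200 90',
    '198.51.100.7 - - [29/Sep/2025:10:04:00 +0000] "GET /app/login.jsp HTTP/1.1" 200 10',
    'unparseable line',
]

if __name__ == "__main__":
    for ip, events in find_external_servlet_hits(SAMPLE).items():
        print(ip, events)
```

Any client this reports is a lead for review against the patch status of the host, not proof of compromise.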