Google says hackers associated with a prolific ransomware group are sending extortion emails to executives at “numerous” large organizations after claiming to have stolen their sensitive information from a suite of business software products developed by Oracle.
In a statement provided to TechCrunch, Google’s head of cybercrime analysis Genevieve Stark said the hackers began sending emails to executives around September 29, but that the tech giant has not yet substantiated the hackers’ claims.
The emails were sent from hundreds of compromised accounts, including one used by a known financially motivated cybercrime group affiliated with the Clop ransomware gang.
Charles Carmakal, the chief technology officer of Google’s incident response unit Mandiant, told TechCrunch that the malicious emails sent to executives contained contact addresses that are listed on Clop’s data leak site, which the hackers use to pressure victims into paying them to remove their stolen files.
Clop is a prolific hacking group that has compromised hundreds of companies in recent years, often by exploiting zero-day vulnerabilities, which are security flaws unknown to the software maker at the time of exploitation. These flaws have allowed the group to breach multiple organizations at once and steal data on at least tens of millions of people.
Bloomberg reported that in one case the hackers demanded $50 million from an affected company, citing the counter-ransomware firm Halcyon, which is responding to the hacking campaign but did not return a request for comment from TechCrunch.
According to Bloomberg, the hackers used compromised user emails and abused the default password-reset function to gain working credentials for Oracle E-Business Suite web portals that are accessible from the internet.
Oracle E-Business Suite is a set of products developed by tech giant Oracle to help companies manage their customer databases, employee information, and human resources files. Oracle says on its website that thousands of organizations around the world rely on its E-Business Suite to run their companies.
Oracle spokesperson Deborah Hellinger did not return a request for comment on Thursday.