CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Data Breaches

Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack

Hackers have posted over 1 Tb of information allegedly stolen from Harvard on the Cl0p data leak website. The post Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack appeared first on SecurityWeek.

Harvard hack

Harvard University is the first confirmed victim of the recent cybercrime campaign targeting customers of Oracle’s E-Business Suite (EBS) solution.

Harvard was listed on the data leak website dedicated to victims of the Cl0p ransomware on October 12. The university was initially only named, but the cybercriminals have now published a link that points to data allegedly stolen from Harvard. 

The hackers have made available over 1.3 TB of archive files that allegedly contain Harvard data. SecurityWeek has not verified the content of the leaked files.

In a statement, Harvard confirmed being targeted in the Oracle EBS campaign. The organization’s investigation is ongoing, but it believes the incident impacts “a limited number of parties associated with a small administrative unit”.

Harvard said the vulnerability exploited by the hackers has been patched and there is no evidence of other systems being compromised. 

Google’s Threat Intelligence Group (GTIG) and Mandiant believe dozens of organizations have been targeted. 

While the hackers are believed to have stolen a significant amount of data, the sensitivity of the information likely differs for each victim. Information typically stored in an EBS instance can include financial, customer, supplier, HR, and inventory data.

The cybercriminals behind the Oracle EBS campaign sent out extortion emails to executives at the targeted organizations on behalf of the Cl0p ransomware group, likely due to the reputation it has built after conducting similar campaigns in the past. Those campaigns targeted customers of Cleo, MOVEit, Fortra and Accellion file transfer products.     

The Oracle attack has not been attributed to a specific threat group, but GTIG and Mandiant found several links to a cybercrime group tracked as FIN11, which alongside Cl0p was tied to the previous campaigns targeting file transfer products.

The attacks targeting Oracle EBS customers appear to have involved the exploitation of known and zero-day vulnerabilities, as well as the deployment of sophisticated malware.

CrowdStrike reported that exploitation of the software flaws appears to have started on August 9, but Google has seen some indication that the attacks may have begun as early as July 10. 

Related: Oracle Patches EBS Vulnerability Allowing Access to Sensitive Data

Related: Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching

Related: Extortion Group Leaks Millions of Records From Salesforce Hacks

Latest News

CYBERNEWSMEDIAPublisher