CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Data Breaches

Michelin Confirms Data Breach Linked to Oracle EBS Attack

The cybercriminals have leaked more than 300GB of files allegedly stolen from the tire giant. The post Michelin Confirms Data Breach Linked to Oracle EBS Attack appeared first on SecurityWeek.

Michelin data breach

Tire giant Michelin has confirmed a data breach stemming from the massive cybercrime campaign that targeted organizations using Oracle’s E-Business Suite (EBS) solution. 

The Cl0p ransomware and extortion group has taken credit for the EBS hacking campaign, which involved the exploitation of zero-day vulnerabilities to gain access to data stored by the targeted organizations in Oracle’s enterprise management software. 

It’s worth noting that while Cl0p serves as the public-facing extortion brand for the Oracle EBS campaign, cybersecurity researchers believe the operation was driven by a sophisticated cluster of threat actors, most notably FIN11.

More than 100 allegedly targeted organizations have been listed on the Cl0p website.

One of them is tire maker Michelin, which has now confirmed for SecurityWeek that it was one of the impacted organizations. 

“Like countless organizations every day, Michelin is at times the object of cyber-attacks,” a Michelin spokesperson said, adding, “Despite the highest levels of protection we have in place, Michelin has recently experienced such an incident at the same time as many other companies.”

The company said its teams promptly conducted a thorough investigation and determined that an Oracle EBS zero-day was exploited in the attack.

“Thanks to Michelin’s expertise and processes in the matter, all the corrective actions were taken at the appropriate time and were totally effective. The situation is now fixed,” the spokesperson said.

The company has confirmed that the hackers accessed some files, but said only “a small, localized, volume of data with no sensitive or technical IT information was affected by the incident”. 

Michelin pointed out that no ransomware was involved in the attack and that there has been no impact on its global systems. 

“Please be sure that the safety of the data and services of our customers and partners is of utmost importance to us,” the spokesperson said.

The cybercriminals have made public more than 315GB of archives allegedly containing files stolen from Michelin. 

SecurityWeek has not downloaded the leaked data, but a brief metadata and file tree analysis indicates that at least some of the files indeed originate from an Oracle EBS environment.

Madison Square Garden also confirmed recently that it was targeted in the Oracle EBS campaign. The admission came months after the hackers leaked more than 210GB of archives containing files allegedly stolen from the company.

Related: Auto Parts Giant LKQ Confirms Oracle EBS Breach

Related: 3.5 Million Affected by University of Phoenix Data Breach

Related: Korean Air Data Compromised in Oracle EBS Hack

Latest News

CYBERNEWSMEDIAPublisher