Clop Hackers Caught Exploiting Oracle Zero-day Bug To Steal Executives’ Personal Data

Oracle has fixed a zero-day vulnerability successful 1 of its flagship business package products that a hacking group is presently abusing to bargain individual accusation astir firm executives. 

In a little post updated complete nan weekend, Oracle main information serviceman Rob Duhart said nan tech elephantine released a caller spot to hole a vulnerability successful its Oracle E-Business suite, and urged customers to instal nan update arsenic soon arsenic possible.  

The security advisory said nan bug, tracked officially arsenic CVE-2025-61882, tin beryllium “exploited complete a web without nan request for a username and password.” The advisory provided respective alleged indicators of discuss to thief Oracle customers place grounds of hackers connected their systems, suggesting that hackers are presently exploiting nan vulnerability to bargain customers’ delicate data. 

Oracle says thousands of organizations astir nan world usage its E-Business Suite to tally their companies, including storing their customer information and their employee’s quality resources files. 

The bug is known arsenic a zero-day because Oracle, successful this case, was fixed nary clip to spot nan bug earlier it was maliciously exploited. 

Duhart’s updated station is an about-face from earlier this week, erstwhile a erstwhile type of his station said Oracle was alert that immoderate executives “have received extortion emails” linked to antecedently identified vulnerabilities patched successful July, suggesting nan extortion run was over. The recently identified zero-day bug suggests nan hackers continued to utilization flaws successful Oracle’s E-Business package that were chartless to Oracle astatine nan time. 

News of nan extortion attempts targeting firm executives first emerged past week.  

On October 2, Google information researchers said they recovered nan prolific hacking group called Clop, which has been linked to galore ransomware attacks and extortion attempts successful caller years, was sending emails to Oracle executives astir September 29 demanding money to not people their individual accusation online. 

Charles Carmakal, nan main exertion serviceman of Google’s incident consequence portion Mandiant, said successful a post published Sunday connected LinkedIn that nan vulnerabilities successful Oracle’s E-Business package were being utilized successful a “mass exploitation” run for information theft and extortion.  

Much of nan exploitation happened during August, said Carmakal, aft nan July patches were released. 

“Clop has been sending extortion emails to respective victims since past Monday,” said Carmakal, but noted that nan hackers haven’t reached retired to each victims yet.