Cl0p Extortion Campaign Claims Theft via Oracle E-Business Suite (Campaign)
ID: 6936c67e-dcc6-5ef1-9b4a-30f0ef1ff6b2
STIX ID: report--6936c67e-dcc6-5ef1-9b4a-30f0ef1ff6b2
Feed Name: Wiz Cloud Threat Landscape
Date Published: 2025-10-02
Date Updated: 2026-05-01
Author: [email protected] (Wiz Threat Research)
Cl0p claims to have stolen data from Oracle E-Business Suite and is sending extortion emails to executives; Oracle tied the activity to vulnerabilities addressed in the July 2025 Critical Patch Update and disclosed an in-the-wild 0-day (CVE-2025-61882). Responders report attackers compromised user email accounts and abused a default password-reset function to access data, prompting public advisories and patching guidance.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.