Unpacking the Oracle EBS Debacle: Industries, Geography, and MOVEit Comparisons

Censys, Mandiant, and Google TIG observed an extortion campaign by Cl0p exploiting zero-day vulnerabilities in Oracle E-Business Suite (notably CVE-2025-61882 and CVE-2025-61884) to gain remote code execution and exfiltrate data; roughly 2,700 EBS instances were observed online with concentrations in the U.S., China, and India, and affected organizations span manufacturing, government, conglomerates, and energy sectors — the report details exposures, industry/geographic breakdowns, and comparisons to the 2023 MOVEit campaign.