Google reports that hackers linked to a well-known ransomware group are sending extortion emails to executives at numerous large organizations. The hackers claim to have stolen sensitive information from a suite of business software products developed by Oracle.
In a statement, Google’s head of cybercrime analysis, Genevieve Stark, said the hackers began sending these emails around September 29. However, the tech giant has not yet been able to verify the hackers’ claims about the stolen data.
The emails were sent from hundreds of compromised accounts. One of these accounts was used by a financially motivated cybercrime group affiliated with the Clop ransomware gang. Charles Carmakal, the chief technology officer of Google’s incident response unit Mandiant, explained that the malicious emails sent to executives contained contact addresses listed on Clop’s data leak site. Hackers use this site to pressure victims into paying to have their stolen files removed.
Clop is a prolific hacking group that has breached hundreds of companies in recent years. The group often exploits zero-day vulnerabilities, previously undiscovered security flaws that are unknown to the software maker. These flaws have allowed the hacking group to breach multiple organizations at once, leading to the theft of data on at least tens of millions of people.
Bloomberg reported that in one instance the hackers demanded fifty million dollars from an affected company. This information came from the counter-ransomware firm Halcyon, which is responding to the hacking campaign but did not return a request for comment from TechCrunch.
According to the Bloomberg report, the hackers used compromised user emails and abused the default password-reset function to gain working credentials for Oracle E-Business Suite web portals that are accessible from the internet.
Oracle E-Business Suite is a set of products developed by the tech giant Oracle to help companies manage their customer databases, employee information, and human resources files. Oracle states on its website that thousands of organizations around the world rely on its E-Business Suite to run their companies.
An Oracle spokesperson, Deborah Hellinger, did not return a request for comment.

