Tags:
Journalism of Courage
Google said on Thursday that there were likely to be more than 100 companies affected by an ambitious hacking campaign that targeted Oracle’s suite of business products, an early assessment that could portend wide-ranging damage.
Google, a unit of Alphabet, said in a statement that “mass amounts of customer data” were stolen in an operation it said may have begun as early as three months ago.
“This level of investment suggests the threat actor(s) responsible for the initial intrusion likely dedicated significant resources to pre-attack research,” the email said.
Google, which has a vast cybersecurity practice alongside its better known search, email and video offerings, noted in a blog post that the group believed to be at the center of the intrusions, CL0P, has a long history of wide-ranging compromises against third party software or service providers.
In a separate statement to Reuters, Google analyst Austin Larsen said that “we are aware of dozens of victims, but we expect there are many more. Based on the scale of previous CL0P campaigns, it is likely there are over a hundred.”
Google said the hackers targeted Oracle’s E-Business Suite of applications, which Oracle clients use to manage customers, suppliers, manufacturing, logistics, and other business processes. Oracle did not immediately return an email seeking comment.
Previously, the company had confirmed that there was extortion activity aimed at its clients. CL0P did not immediately respond to an email seeking comment. Previously, the hacker group said it would soon be clear that Oracle had “bugged up their core product.”
