Notorious Ransomware Group Hits Oracle, Data Leaks Confirmed

Oracle (NYSE:ORCL) applications have become the latest target of a notorious ransomware group that claims to have stolen sensitive corporate data, according to Alphabet (NASDAQ:GOOGL) Google's cybersecurity team and others familiar with the matter.

Hackers alleged they breached Oracle's E-Business Suite software that manages critical functions like finance, supply chains, and customer relationships and demanded ransoms as high as $50 million, cybersecurity firm Halcyon told Bloomberg on Thursday.

The attackers, who claim ties to the criminal outfit Cl0p, sent screenshots and file trees as proof of compromise, and at least one company has confirmed its Oracle data was stolen.

Also Read: Microsoft Adds Paragon Partition Manager Driver To Blocklist As Ransomware Hackers Exploit Windows-Signed Driver For Attacks

Google Threat Intelligence executive Genevieve Stark added that the hackers began sending extortion emails by September 29, using hundreds of compromised accounts. The messages, written in broken English and linked to email addresses previously tied to Cl0p, contained the group's own contact details.

Halcyon reported that attackers compromised user emails and exploited Oracle's default password-reset system to access credentials for internet-facing E-Business Suite portals.

Cl0p has a long track record of targeting large corporations. In 2023, the group exploited flaws in MOVEit, a widely used file-transfer tool, stealing data from companies including Shell (NYSE:SHEL), British Airways, and the British Broadcasting Corp. That attack prompted a U.S. Cybersecurity and Infrastructure Security Agency advisory describing Cl0p as one of the world's largest distributors of phishing and spam.

Notorious ransomware groups have unleashed major cyberattacks on U.S. companies across healthcare, technology, and critical infrastructure. They operate under a Ransomware-as-a-Service model, licensing malware to affiliates in exchange for a share of the profits.

In June 2025, Microsoft (NASDAQ:MSFT) warned that China-linked hackers are actively exploiting flaws in on-premises SharePoint servers, urging organizations to install its latest security updates immediately. The company said groups known as Linen Typhoon, Violet Typhoon, and Storm-2603 have been targeting servers since early July, using crafted requests to upload malicious scripts and steal sensitive data.

Price Action: ORCL stock was trading higher by 0.43% to $290.01 premarket at last check Friday.

Read Next:

• Oracle Stock Slips As Company Taps Debt Market For AI Infrastructure Spending: Report

Photo TippaPatt via Shutterstock