Imagine you are the CEO of a large corporation and, one day, you find an email in your inbox claiming that cybercriminals have hacked into your Oracle E-Business Suite (the software that companies use for finance, HR, and supply chain). The email says the cybercriminals have stolen documents and will release them unless you pay. Terrifying, right?
This is what is happening right now: the group known as Clop (CL0P) is emailing extortion letters, and companies are worried.
What is Happening
These emails started to appear in late September 2025. Cybercriminals are using hundreds of compromised email accounts to send these extortion emails. Security researchers have even traced some of these compromised email accounts to a group known as FIN11, which has partnered with Clop in the past.
The emails state:
• The hackers have hacked into the Oracle E-Business Suite.
• The hackers specifically say they made copies of “a lot of documents.”
• The victim must pay, or else their data could be sold online or leaked.
In fact, to appear more intimidating, they use email addresses linked to Clop's data leak website. The bizarre part? No one has yet proven that large amounts of data were exfiltrated, or that any data was exfiltrated at all.
Is the Hackers' Claim Real?
Security companies, such as Mandiant and Google, will investigate. They have not verified that Clop actually entered Oracle's environment.
Oracle also stated that the hackers could be revisiting a bug that was already patched in the July 2025 security updates. If this is true, companies that did not install the patches are in a difficult position.
Clop told reporters they had hacked data, but they stated only, "we do not break systems, we only share data for payment."
Why This Matters
If Clop’s allegations are true, here’s what's at risk:
• Sensitive company information like financial data, HR information, or customer information.
• Damage to your reputation if the data is exposed on the internet.
• Big ransoms — reports have included demands of more than $50 million.
What Makes This Attack Unique
Typically, Clop uses zero-day bugs (new, unknown software vulnerabilities). In this case, they are likely exploiting:
• Weak passwords
• Misconfigured systems
• Ancient security vulnerabilities in Oracle EBS
Additionally, because so many email accounts are being used, it is impossible to verify whether all of the emails are actually from Clop. Some could simply come from scammers posing as them.
What Companies Should Do
If I were responsible for Oracle EBS right now, I would do the following as soon as possible:
• Apply the most recent Oracle EBS security updates (July 2025) if this has not been done already.
• Review access logs for suspicious logins, password resets, etc.
• Watch for strange file transfers or changes to the systems.
• Remind executives not to panic and pay spontaneously.
• Be prepared with incident response plans focusing on Oracle EBS.
Conclusion
At this time, Clop is attempting to extort companies that use Oracle E-Business Suite. The reality is that we still cannot confirm whether any data was taken, but the threat is significant enough to warrant action rather than sitting and waiting.