U.S.-based technology giant Google announced Thursday that dozens of companies were compromised in a large-scale hacking campaign targeting cloud computing firm Oracle’s suite of business software.
The company revealed in a blog post that "mass amounts of customer data" were stolen, affecting organizations that rely on Oracle’s enterprise software for operations and financial management.
Oracle Corporation, headquartered in Austin, Texas, provides enterprise software and cloud infrastructure services to thousands of corporations, government agencies, and financial institutions worldwide. Its flagship products, including Oracle Cloud Infrastructure and Oracle E-Business Suite, are used for data management, human resources, accounting, and supply chain operations.
While Google did not disclose which specific Oracle products were affected or name the impacted firms, it confirmed that the breach was among the most extensive seen in recent years. Oracle has yet to issue a public statement on the matter.
Investigators traced the breach to a critical zero-day vulnerability—identified as CVE-2025-61882—in Oracle E-Business Suite (EBS), a widely used enterprise resource planning (ERP) platform. The flaw allowed remote code execution without authentication, effectively granting attackers full control over affected systems.
The Cl0p ransomware group is believed to have exploited this weakness in mid-2025, using it quietly for weeks before the vulnerability was publicly disclosed. Oracle released an emergency patch on October 4, urging all customers to update their systems immediately.
Unlike traditional ransomware attacks, Cl0p did not encrypt victims’ data but instead exfiltrated sensitive files, including payroll records, vendor contracts, and financial transactions. Many affected companies only realized they had been compromised after receiving extortion emails demanding large ransom payments.
As a precaution, numerous organizations temporarily shut down their ERP servers to conduct forensic reviews and apply security patches. This caused short-term operational disruptions to payroll processing, order management, and financial reporting systems.
The exposure of business and employee data has raised potential compliance issues under privacy laws such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Even companies that declined to pay the ransom could face reputational and financial consequences.
Some firms were unable to deploy Oracle’s emergency update immediately because it required an earlier baseline patch from October 2023. This dependency left many systems vulnerable for longer than expected.
Following the disclosure, exploit scripts began circulating publicly online, prompting a wave of copycat attacks as opportunistic hackers scanned for unpatched Oracle EBS environments.
Google’s Threat Intelligence Group (GTIG) and Mandiant advised organizations using Oracle systems to take immediate action to reduce exposure and prevent further breaches. They urged companies to apply Oracle’s latest security updates without delay, monitor their networks for suspicious activity, and restrict unnecessary internet connections from critical servers.
Google also recommended that affected firms review user access logs, reset potentially compromised credentials, and enable multi-factor authentication to strengthen account security. GTIG and Mandiant emphasized that prompt patching and proactive monitoring remain the most effective ways to defend against ongoing exploitation attempts.