AI Cybercrime: The New Cybersecurity Arms Race 2025

Hackers Target Executives with Oracle Apps Extortion Emails

Hackers Are Sending Extortion Emails to Executives After Claiming Oracle Apps Data Breach

Executives at several large organizations are receiving extortion emails from hackers claiming a breach of Oracle E-Business Suite data, according to security researchers and Google. The emails reportedly began circulating around September 29, 2025.

The attackers are linked to the Clop ransomware gang, a well-known cybercrime group that has exploited zero-day vulnerabilities to breach hundreds of companies in recent years. In this campaign, hackers used compromised email accounts and the default password-reset functionality in Oracle E-Business Suite to gain credentials for web portals accessible online.

Google’s head of cybercrime analysis, Genevieve Stark, confirmed the campaign but noted that the company has not yet verified the hackers’ claims regarding stolen data. Charles Carmakal, CTO of Mandiant, highlighted that the emails often reference Clop’s data leak site to pressure victims into paying ransom. In one reported case, the hackers demanded $50 million from a single company.

Oracle E-Business Suite is a set of tools used by thousands of organizations worldwide to manage customer data, employee records, and human resources functions. While Oracle has yet to comment publicly on this campaign, executives are advised to remain vigilant and verify any suspicious emails.

What Executives Should Do

  • Do not pay ransom immediately; verify the claim with security experts.
  • Check for compromised accounts and reset passwords on all Oracle applications.
  • Monitor for phishing attempts using the stolen credentials.
  • Contact cybersecurity professionals or incident response firms for guidance.

This extortion campaign underscores the growing threat of ransomware-linked hacking groups exploiting enterprise software vulnerabilities. Organizations using Oracle apps should prioritize security audits and employee training to prevent potential breaches.


FAQ Section

Q1: Who is behind the Oracle extortion emails?
A: The emails are linked to hackers associated with the Clop ransomware gang.

Q2: How did hackers gain access to Oracle E-Business Suite?
A: They exploited compromised email accounts and abused the default password-reset feature.

Q3: Are the hackers’ claims verified?
A: Google has not yet substantiated the claims of stolen data.

Q4: What should executives do if they receive an email?
A: Do not pay ransom, verify claims, reset passwords, and consult cybersecurity experts.

Q5: What is Oracle E-Business Suite?
A: It’s a suite of products used by companies worldwide to manage customer databases, employee info, and HR files.

About the Author

Anish is the founder of TechBoltX, sharing mobile gaming rewards, guides, and daily updates.