Clop-linked crims shake down Oracle execs with data theft claims

Criminals with potential links to the notorious Clop ransomware mob are bombarding Oracle execs with extortion emails, claiming to have stolen sensitive data from Big Red's E-Business Suite, according to researchers.

Google's Threat Intelligence Group (GTIG) and Mandiant are tracking the "high-volume" activity, which began last month, and are investigating whether there is any truth to the attackers' boasts.

In a statement to The Register, Genevieve Stark, head of cybercrime and information operations intelligence analysis at GTIG, said: "This activity began on or before September 29, 2025, but Mandiant's experts are still in the early stages of multiple investigations, and have not yet substantiated the claims made by this group."

The campaign appears to be the work of cybercriminals with possible ties to the Clop ransomware crew, according to analysts at the Chocolate Factory. Clop has a long history of targeting enterprise software vendors and exploiting high-value ...