Crims had 3-month head start on defenders in Oracle EBS invasion
theregister.co.uk
The raid on Oracle E-Business Suite (EBS) likely began as early as July - about three months before any public detections - with extortionists compromising "dozens" of organizations, a Google investigation has determined.
New analysis by Google Threat Intelligence Group (GTIG) and Mandiant indicates that, while the criminals likely exploited what may be CVE-2025-61882 as a zero-day as early as August 9, weeks before Oracle developed a patch, suspicious HTTP traffic targeting Oracle EBS servers began on July 10.
"We're still assessing the scope of this incident, but we believe it affected dozens of organizations," John Hultquist, chief analyst at Google Threat Intelligence Group, told The Register. "Some historic Clop data extortion campaigns have had hundreds of victims. Unfortunately, large scale zero-day campaigns like this are becoming a regular feature of cybercrime."
Attack timeline
As a reminder of the timeline thus far: In late September, criminals claiming to be affiliated with ...
Copyright of this story solely belongs to theregister.co.uk.