Move FM Global News

WASHINGTON, D.C.: Google said that more than 100 companies may have been affected by a sweeping hacking campaign targeting Oracle’s suite of business software, warning that the breach could lead to widespread data exposure across industries.

In a statement, Google said the attackers stole “mass amounts of customer data” in an operation that may have begun as early as three months ago.

“This level of investment suggests the threat actor(s) responsible for the initial intrusion likely dedicated significant resources to pre-attack research,” the company said.

Google, a unit of Alphabet, said its investigation pointed to the CL0P hacking group, which has a long record of targeting third-party software and service providers. The group has previously carried out large-scale extortion campaigns by exploiting supply chain vulnerabilities.

In a separate statement to Reuters, Google analyst Austin Larsen said: “We are aware of dozens of victims, but we expect there are many more. Based on the scale of previous CL0P campaigns, it is likely there are over a hundred.”

The hackers are believed to have targeted Oracle’s E-Business Suite, a collection of applications used by corporate clients to manage operations such as customer relations, logistics, manufacturing, and supply chains.

Oracle did not immediately respond to requests for comment. The company has previously confirmed extortion activity directed at some of its clients.

The CL0P group also did not respond to emails. In an earlier statement, the hackers claimed that Oracle had “bugged up their core product,” suggesting vulnerabilities within the company’s systems.