The Cl0p ransomware group has exploited a critical zero-day vulnerability in the E-Business Suite (EBS) of Oracle Corporation, a multinational technology company specializing in database software and enterprise products.
The vulnerability, tracked as , is a critical flaw with a CVSS score of 9.8 out of 10. It allows an unauthenticated attacker with network access to achieve remote code execution on affected systems. In response to active exploitation by Cl0p for data theft campaigns, Oracle has released an emergency security patch and urged customers to apply the update immediately.
Adding another layer to the incident, a threat actor group known as Scattered LAPSUS$ Hunters (SLH) publicly claimed that the exploit used by Cl0p was originally theirs. In a statement on their Telegram channel, the group expressed frustration, stating, “This was OUR FUCKING EXPLOIT. WE WERE GOING TO RUN THIS FUCKING CAMPAIGN.” They claimed Cl0p had somehow acquired their zero-day before they could launch their own attacks.
According to reports, the Cl0p group leveraged the exploit to conduct a series of data theft attacks against organizations using the vulnerable software. The vulnerability could allow attackers to access and exfiltrate a wide range of sensitive corporate and customer information. The potentially compromised data includes:
- Financial records
- Sensitive employee information (PII)
- Customer data
- Proprietary business documents
