The Washington Post Among Victims of Oracle Software Hacking Campaign
The Washington Post recently announced that it was one of the victims of a hacking campaign connected to Oracle’s suite of corporate software applications. This news was first reported by Reuters, citing a statement from the newspaper confirming that it was affected by the breach of the Oracle E-Business Suite platform.
When contacted for a comment, a spokesperson for The Washington Post did not immediately respond. Oracle spokesperson Michael Egbert directed inquiries to advisories previously posted by the company and did not provide further information.
Google revealed last month that the ransomware group Clop had been targeting companies by exploiting vulnerabilities in Oracle’s E-Business Suite software. This software is commonly used by companies for various business operations, including storing human resources files and other sensitive data. The exploits allowed hackers to access customer business data and employee records from over 100 companies.
The hacking campaign by the Clop gang began in late September, with corporate executives receiving extortion messages from email addresses associated with the group. The hackers claimed to have stolen significant amounts of internal business data and employees’ personal information from compromised Oracle systems. Anti-ransomware firm Halcyon reported that the hackers demanded a $50 million ransom from one executive at an affected company.
On its website, Clop claimed to have hacked The Washington Post, accusing the company of neglecting their security measures. This tactic is often used by the group when victims do not comply with their demands. It is common for ransomware gangs to publicize the names and stolen files of victims as a pressure tactic.
Other organizations affected by the Oracle E-Business hacks include Harvard University and American Airlines subsidiary Envoy.
