The infamous cybercrime group ShinyHunters has allegedly breached Oracle PeopleSoft servers at over 100 organizations, predominantly universities, as a member of ShinyHunters disclosed to JS on Wednesday. These incidents were initially reported by BleepingComputer.
PeopleSoft is a type of enterprise software utilized for managing payroll, human resources, administration, and various other business operations.
This development underscores that ShinyHunters, despite being a prominent and active cybercrime group, continues to focus on large-scale hacking operations. Their strategy involves identifying vulnerabilities in widely-used software to simultaneously target multiple victims.
“Student, applicant, financial aid, immigration, health, and administrative data has been exfiltrated,” stated a message claimed to be sent to one of the victims by the hacker. The cybercriminals asserted they had acquired student records, including home addresses, phone numbers, emails, and birthdates.
According to the hacker, the majority of the targeted educational institutions had already been breached in previous, unrelated attacks.
The primary aim of the group, as mentioned by the member, was to infiltrate an FBI PeopleSoft server. The intention was to publish a statement denying ShinyHunters’ involvement in a series of swatting incidents that the FBI highlighted in an alert last month. This attempt, however, was unsuccessful.
Oracle has not provided any comments in response to these allegations.
