Clop raid on Oracle E-Business Suite started months ago, researchers warn - The Register

Security researchers from watchTowr and CrowdStrike reveal that the Clop ransomware gang has been exploiting Oracle E-Business Suite vulnerabilities since August 2024.

The Clop cybercriminal group has been targeting Oracle EBS systems months before Oracle released a critical patch for CVE-2025-61882 on October 4. This zero-day vulnerability carries a severe CVSS score of 9.8 and allows attackers to execute remote code without authentication. The situation has worsened significantly as exploit code became publicly available immediately after the patch release, making attacks trivial to execute.

• Clop has been actively stealing data from Oracle EBS installations since early August, with victims already receiving extortion emails
• The vulnerability affects systems handling sensitive HR, payroll, and financial data, making organizations prime targets for ransomware attacks
• Public availability of exploit code means additional threat actors will likely launch widespread attacks within days
• Oracle EBS systems are particularly vulnerable due to their complex, customized nature that makes emergency patching slow and difficult