Executives across multiple industries are receiving threatening emails from hackers claiming to have stolen sensitive data through Oracle’s widely used E-Business Suite platform. The campaign, first observed at the end of September, is now being tracked by incident responders at Mandiant and Google’s Threat Intelligence Group (GTIG), who warn that the operation may be linked to the notorious Clop ransomware gang, also known in the cybersecurity industry as FIN11.
A New Front in Extortion
According to GTIG investigator Genevieve Stark, the campaign began on September 29 and is still in its early stages. Extortion emails have been sent to senior executives at numerous organizations, though responders have not disclosed how many companies are affected or what kind of information may have been stolen. The attackers claim that stolen data includes material from Oracle’s E-Business Suite — a cornerstone enterprise platform managing finance, HR, and supply chain operations for global corporations.
Mandiant CTO Charles Carmakal confirmed that the campaign is being run from hundreds of compromised email accounts, and at least one has been tied to previous FIN11 activity. He cautioned, however, that while the operation references Clop and even reuses contact addresses listed on Clop’s official leak site, it is still unclear whether the gang itself is behind this wave.
“This may simply be opportunistic actors leveraging Clop’s name to create fear and drive ransom payments,” Carmakal said.
Oracle Silent, Investigators Cautious
Oracle has not responded to requests for comment. The lack of confirmation has left investigators weighing whether this is a legitimate intrusion into Oracle systems or a campaign designed to sow panic by invoking the company’s name.
Earlier this year, Oracle acknowledged a January incident where hackers accessed legacy systems and stole client credentials, prompting a warning from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). It remains unclear whether the current activity is connected.
Clop’s Track Record
If Clop is behind this campaign, the implications are severe. The group has already earned hundreds of millions of dollars through ransomware and extortion by exploiting widely used software like MOVEit, GoAnywhere, and Accellion. Its MOVEit campaign alone affected 2,773 organizations and exposed the data of nearly 96 million people, according to Emsisoft.
Clop is known for avoiding destructive ransomware tactics, instead focusing on stealing data and selling silence. This business model has made it one of the most financially successful cybercrime syndicates operating today, with estimated earnings of $75–100 million from MOVEit ransoms alone.
The Bigger Picture
This campaign illustrates a dangerous shift: extortion is no longer limited to disrupting networks — it is being personalized at the executive level. By targeting senior leaders directly, attackers increase pressure on organizations to pay quickly in order to protect reputations and prevent corporate chaos.
For now, Mandiant and GTIG continue to monitor the campaign while warning that attribution remains unconfirmed. Whether this is Clop expanding its arsenal or another group capitalizing on its name, the message to corporate leaders is the same: data extortion has entered the boardroom.
🔥 NOW AVAILABLE! 🔥
📖 INK & FIRE: BOOK 1 📖
A bold and unapologetic collection of poetry that ignites the soul. Ink & Fire dives deep into raw emotions, truth, and the human experience—unfiltered and untamed.
🔥 Kindle Edition 👉 https://a.co/d/9EoGKzh
🔥 Paperback 👉 https://a.co/d/9EoGKzh
🔥 Hardcover Edition 👉 https://a.co/d/0ITmDIB
🔥 NOW AVAILABLE! 🔥
📖 INK & FIRE: BOOK 2 📖
A bold and unapologetic collection of poetry that ignites the soul. Ink & Fire dives deep into raw emotions, truth, and the human experience—unfiltered and untamed just like the first one.
🔥 Kindle Edition 👉 https://a.co/d/1xlx7J2
🔥 Paperback 👉 https://a.co/d/a7vFHN6
🔥 Hardcover Edition 👉 https://a.co/d/efhu1ON
Get your copy today and experience poetry like never before. #InkAndFire #PoetryUnleashed #FuelTheFire
🚨 NOW AVAILABLE! 🚨
📖 THE INEVITABLE: THE DAWN OF A NEW ERA 📖
A powerful, eye-opening read that challenges the status quo and explores the future unfolding before us. Dive into a journey of truth, change, and the forces shaping our world.
🔥 Kindle Edition 👉 https://a.co/d/0FzX6MH
🔥 Paperback 👉 https://a.co/d/2IsxLof
🔥 Hardcover Edition 👉 https://a.co/d/bz01raP
Get your copy today and be part of the new era. #TheInevitable #TruthUnveiled #NewEra
🚀 NOW AVAILABLE! 🚀
📖 THE FORGOTTEN OUTPOST 📖
The Cold War Moon Base They Swore Never Existed
What if the moon landing was just the cover story?
Dive into the boldest investigation The Realist Juggernaut has ever published—featuring declassified files, ghost missions, whistleblower testimony, and black-budget secrets buried in lunar dust.
🔥 Kindle Edition 👉 https://a.co/d/2Mu03Iu
🛸 Paperback Coming Soon
Discover the base they never wanted you to find. TheForgottenOutpost #RealistJuggernaut #MoonBaseTruth #ColdWarSecrets #Declassified
Support truth, health, and preparedness by shopping the Alex Jones Store through our link. Every purchase helps sustain independent voices and earns us a 10% share to fuel our mission. Shop now and make a difference!
https://thealexjonesstore.com?sca_ref=7730615.EU54Mw6oyLATer7a
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
