Harvard University was reportedly the first confirmed organization that was affected as part of an exploitation of a zero-day flaw in Oracle E-Business Suite (EBS) by the Clop ransomware group.While they did not reveal too many specifics, Harvard officials confirmed that the incident “impacts a limited number of parties associated with a small administrative unit.”SC Media on Oct. 3 reported that Oracle confirmed that some of its E-Business Suite (EBS) customers have received extortion emails but did not originally — nor still has not — directly tied the attacks to the Clop ransomware gang, which reportedly claimed responsibility for the cyber incident.“Harvard was first, but there were 39 companies on the main list,” said Jake Ouellette, lead incident detection engineer at Blumira. “I'm feeling like this one will also be bad.”Chad Cragle, chief information security officer at Deepwatch, said Clop executed a classic “steal-then-extort” strategy by exploiting a zero-day remote-code-execution flaw in Oracle E-Business Suite in August, quietly exfiltrating data before sending extortion emails and pressuring leak sites.“Their methods mirror previous campaigns where they exploit quickly, steal data discreetly, and rely on reputation and fear rather than encryption to compel payment,” said Cragle. “Harvard’s confirmation indicates that the threat actors are successfully breaching real environments containing sensitive financial and operational data. Organizations using Oracle EBS should assume reconnaissance has already taken place. Knowing this, you must patch and verify immediately.”
Ransomware, Vulnerability Management, Incident Response
Harvard University impacted in Oracle EBS zero-day exploitation

(Adobe Stock)
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



