
Cl0p ransomware group claims breach of Oracle E-Business Suite

October 03, 2025
Reported by AI

The Cl0p ransomware group has claimed responsibility for hacking Oracle's E-Business Suite, asserting that it stole sensitive data from companies using the application. The hackers are now notifying affected victims and demanding ransoms to prevent data leaks. Oracle has not yet confirmed the breach.

The Cl0p ransomware group, known for high-profile attacks including the 2023 MOVEit supply chain breach, announced on its dark web leak site that it had exploited a zero-day vulnerability in Oracle's E-Business Suite. This Java-based enterprise resource planning software is widely used by global businesses for managing operations, finance, and human resources.

According to reports, Cl0p gained unauthorized access to the system, extracting data such as customer records, financial details, and personal information from organizations relying on the suite. The group has begun contacting victims directly, warning them of the data theft and offering to withhold publication in exchange for ransom payments. One post on their site stated, 'We have hacked Oracle E-Business Suite and stolen your data—pay up or we release it.'

The breach appears to stem from an unpatched vulnerability in Oracle's application, allowing remote code execution. Security researchers note that Cl0p has targeted multiple software providers this year as part of an extortion campaign, following the expiration of a data encryption tool patent that previously limited their operations.

No specific timeline for the initial intrusion has been disclosed, but the claims surfaced in early July 2024. While Cl0p provided screenshots as proof, including file listings from affected databases, Oracle has remained silent on the matter. Cybersecurity experts urge companies using E-Business Suite to monitor for unusual activity and apply any available patches immediately.

This incident highlights ongoing risks in supply chain security, where vulnerabilities in third-party software can expose numerous downstream users. Past Cl0p attacks have affected entities like British Airways and the U.S. Department of Energy, leading to significant data exposures and regulatory scrutiny.
