Oracle EBS Customers Targeted in Cl0p Ransomware Extortion Campaign
Oracle E-Business Suite (EBS) customers were targeted in an extortion campaign on October 2, 2025. The threat actor, claiming to be the Cl0p ransomware group, exploited vulnerabilities patched in the July 2025 calendar update.
Arctic Wolf reported multiple open-source observations of extortion emails sent to EBS customers. The emails leveraged vulnerabilities previously fixed in the July 2025 calendar update, affecting both Oracle Database and Fusion Middleware. Three of these vulnerabilities could be exploited by unauthenticated remote threat actors. EBS relies heavily on these components, making it a prime target.
Oracle addressed nine vulnerabilities in the July 2025 calendar update, ranging from medium to high severity. The company urges customers to apply the July 2025 Critical Patch Update to both Database and Fusion Middleware to mitigate risks. Arctic Wolf also recommends upgrading to the latest fixed version of impacted EBS products.
The extortion campaign targeting Oracle E-Business Suite customers highlights the importance of keeping systems up-to-date. Oracle and cybersecurity experts advise applying the July 2025 calendar Critical Patch Update to protect against potential threats and vulnerabilities.
