Google Reports Extortion Emails Targeting Executives Following Alleged Cl0p Oracle E-Business Suite Applications Hack
- Threat campaign: Google has reported a high-volume email campaign in which hackers are sending extortion demands to corporate executives.
- Hacker claims: Cl0p Ransomware allegedly stole sensitive data from executives' Oracle E-Business Suite applications.
- Unverified: Google stated it does not have sufficient evidence to definitively verify the hackers' claims of a data breach.
Alphabet's Google has issued a warning about a widespread extortion campaign targeting an unspecified number of corporate executives. According to reports, hackers are sending emails claiming to have breached company systems and stolen sensitive information from Oracle business applications.
This campaign represents a significant escalation in cybersecurity threats aimed directly at high-level corporate leadership.
Alleged Affiliation with Ransomware Gang Cl0p
The group behind the attacks claims an affiliation with the notorious ransomware gang Cl0p, according to Google, as cited by Reuters and reported by Bloomberg. This connection, if true, would be a serious concern for targeted organizations, given Cl0p's history of large-scale data theft and extortion operations.
The extortion emails are designed to pressure executives into paying a ransom to prevent the public release of the supposedly stolen data. However, Google has been cautious in its assessment, stating that the veracity of the hackers' claims has not yet been confirmed.
A New Wave of Executive Email Scams
This campaign, which Google characterizes as “high-volume,” highlights the evolving tactics of cybercriminals, who are increasingly focusing on direct-to-executive extortion. By targeting individuals with significant influence and access, attackers aim to increase the likelihood of a quick payout.
While the claims of a data breach from Oracle systems remain unsubstantiated, the campaign itself serves as a critical alert for organizations to review their security posture, particularly around executive communications and critical business applications.
Oracle has not yet commented on the situation. The threat actor was linked to the Cleo hack incident last year.
In August, Oracle announced that one of its “legacy” computer systems had been breached, and “old” client login credentials were compromised. The company was also hit with a class-action lawsuit concerning improper protection of PII in an alleged cyberattack on Oracle Cloud.
In July, a BEC scam leveraged fake Microsoft 365 login pages to harvest credentials from aviation executives via finance-related emails.




