Oracle PeopleSoft servers are being hit by ongoing data theft attacks linked to the ShinyHunters extortion gang, which claims to have stolen data from more than 100 organizations and 300 instances. Investigators found exposed tooling and indicators tied to the campaign, including scripts, staging files, and IP addresses, while Nottingham University has acknowledged a cybersecurity incident. #ShinyHunters #OraclePeopleSoft #NottinghamUniversity
Keypoints
- ShinyHunters is targeting Oracle PeopleSoft servers in ongoing data theft attacks.
- The group claims data theft from 300 instances across more than 100 organizations.
- Most affected victims appear to be in the education sector.
- Researchers found exposed directories, MeshCentral agents, and attack scripts linked to the campaign.
- Organizations should check the listed IP addresses and review PeopleSoft logs for compromise.