American Airlinesβ subsidiary Envoy Air was impacted by a cyberattack exploiting Oracle E-Business Suite vulnerabilities, with over 26 GB of data leaked online. The campaign, attributed to Cl0p and FIN11, targeted organizations using Oracle EBS, affecting various sectors including academia and industry. #Cl0p #FIN11 #OracleEBS #EnvoyAir #Witwatersrand
Keypoints
- Envoy Air, a subsidiary of American Airlines, confirmed being impacted by the Oracle E-Business Suite attack.
- Hackers leaked over 26 GB of data, including information from American Airlines and the University of Witwatersrand.
- The attack has been linked to Cl0p ransomware group and the threat actor FIN11.
- Exploited vulnerabilities include patched CVE-2025-61882 and CVE-2025-61884, with unknown specifics of the zero-day in use.
- Multiple organizations received extortion emails, likely due to refusal to pay ransom demands.
Read More: https://www.securityweek.com/american-airlines-subsidiary-envoy-air-hit-by-oracle-hack/