Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks

Google Threat Intelligence Group (GTIG) and Mandiant have uncovered an extortion campaign against Oracle E-Business Suite (EBS) that combines custom, multi-stage malware with exploitation of both previously patched vulnerabilities and a zero-day flaw, CVE-2025-61882. The attackers, assessed as likely linked to FIN11, have targeted multiple organizations, stolen data from their EBS environments, and issued ransom demands. #CVE-2025-61882 #FIN11 #OracleEBS #GoldVeinJava

Key points

  • Attackers exploited both previously patched Oracle EBS vulnerabilities and a zero-day (CVE-2025-61882), with activity observed as early as July 10, so patch status alone does not rule out compromise.
  • Multi-stage, fileless payloads were stored inside malicious Oracle EBS templates, keeping the malware in the database rather than on disk to evade file-based detection.
  • The chain uses loaders tracked as SageGift, SageLeaf, and SageWave to decode and stage each layer and deliver the final payload in memory.
  • Overlaps with the cybercrime group FIN11 suggest it is behind the data theft and extortion activity.
  • Dozens of organizations have been affected, with significant volumes of data stolen and ransom demands issued.

Read More: https://www.securityweek.com/sophisticated-malware-deployed-in-oracle-ebs-zero-day-attacks/