Google disclosed on Thursday that more than 100 companies are likely affected by an extensive hacking campaign targeting Oracle’s suite of business products, a preliminary assessment that could indicate significant operational and financial impact. According to Google, the operation may have started as early as three months ago, and “mass amounts of customer data” were stolen during the campaign. The company stated that the level of investment and planning behind the intrusion suggests that the threat actors dedicated considerable resources to pre-attack reconnaissance.
The hacking group believed to be responsible, CL0P, has a documented history of compromising third-party software and service providers. Google, which maintains a substantial cybersecurity practice alongside its core search, email, and video services, highlighted in a blog post that the intrusions were part of a coordinated effort targeting Oracle’s E-Business Suite. This suite is widely used by clients to manage customers, suppliers, manufacturing, logistics, and other critical business processes, making the potential fallout from the breach extensive. Google analyst Austin Larsen told Reuters that while dozens of victims have been identified, it is likely that many more exist, estimating that over a hundred companies could be impacted based on previous CL0P campaigns.
Oracle has not immediately responded to requests for comment, though the company had previously acknowledged that extortion activity was targeting its clients. CL0P has also not responded to queries, but earlier statements from the group indicated that Oracle’s core products were compromised and implied that evidence of vulnerabilities would soon emerge. Security experts note that such attacks on enterprise software highlight ongoing risks in supply chain security, as third-party applications often serve as an entry point for threat actors seeking access to sensitive organizational data.
The incident underscores the growing sophistication of cybercrime campaigns targeting enterprise systems. Analysts indicate that groups like CL0P not only steal data but may also use it for extortion or ransomware operations, adding pressure on affected organizations to respond quickly and mitigate potential financial and reputational damage. The scale and duration of this campaign emphasize the importance of continuous monitoring, vulnerability management, and rapid incident response within enterprise environments. Companies using widely deployed software solutions are advised to review security protocols, implement patches where available, and monitor unusual activity to reduce exposure to similar threats.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
