Harvard Investigates Data Breach After Clop Ransomware Exploits Oracle Vulnerability

Harvard University said it is investigating a potential data security incident after the Clop ransomware group listed the institution on its data leak site, claiming to have exploited a zero-day vulnerability in Oracle’s E-Business Suite servers.

 

Recently, the Clop ransomware group claimed to have exploited a zero-day vulnerability in Oracle’s E-Business Suite servers. Oracle confirmed that this flaw is remotely exploitable without authentication, meaning it can be accessed over a network without a username or password. Successful exploitation could allow remote code execution.

 

Earlier this month, cybersecurity firms Mandiant and Google began tracking a new extortion campaign targeting organisations using Oracle’s E-Business Suite. According to reports, numerous companies received emails claiming that sensitive data had been stolen from their systems.

 

Although Clop declined to provide specifics about the attack, they confirmed to BleepingComputer that they were responsible for the emails and exploited a new Oracle vulnerability in the data theft.

 

“Soon it will be clear that Oracle has compromised their core product, and once again, it’s up to Clop to save the day,” the ransomware group said.

 

In a recent statement shared with media, a Harvard University spokesperson said, “Harvard is aware of reports that data associated with the University has been obtained as a result of a zero-day vulnerability in the Oracle E-Business Suite system. This issue has impacted many Oracle E-Business Suite customers and is not specific to Harvard.

 

“While the investigation is ongoing, we believe that this incident impacts a limited number of parties associated with a small administrative unit. Upon receiving it from Oracle, we applied a patch to remediate the vulnerability. We are continuing to monitor and have no evidence of compromise to other University systems,” the spokesperson added.