Michelin confirms data breach linked to Oracle EBS cyberattack campaign

Global tire manufacturer Michelin has confirmed a data breach connected to a large-scale cybercrime campaign that targeted organizations using Oracle E-Business Suite, an enterprise management platform developed by Oracle Corporation.

The incident stems from a coordinated hacking operation in which attackers exploited previously unknown vulnerabilities in Oracle’s E-Business Suite software to access data stored by organizations using the platform. The campaign has been publicly claimed by the cybercriminal group Cl0p ransomware group, which has listed more than 100 alleged victims on its leak site.

Cybersecurity researchers attribute the broader operation to a cluster of sophisticated threat actors believed to include FIN11 cybercrime group, known for conducting large-scale data theft and extortion campaigns.

Michelin confirmed it was among the organizations affected by the incident. Company officials stated that the breach occurred after attackers exploited a zero-day vulnerability in Oracle E-Business Suite.

A spokesperson for the company said the organization regularly faces cyberattacks and that this incident occurred at the same time as similar attacks targeting multiple companies. Internal teams conducted an investigation shortly after detecting the intrusion and identified the exploited vulnerability in the Oracle system.

The company said corrective actions were implemented promptly and the issue has since been resolved. Officials added that the incident did not disrupt Michelin’s global systems and that no ransomware was deployed during the attack.

According to the company, attackers accessed a limited set of files during the breach. Michelin described the compromised material as a small, localized volume of data that did not include sensitive or technical IT information.

Despite those assurances, the attackers have published more than 315 gigabytes of archives that they claim were stolen from Michelin’s systems. An examination of the available file metadata and directory structure indicates that at least some of the leaked material appears to originate from an Oracle E-Business Suite environment.