Hacker linked to Oracle Cloud intrusion threatens to sell stolen data
Security researchers from Trustwave SpiderLabs provided additional evidence backing up claims of a breach.
Published April 2, 2025

The threat actor that claimed responsibility for an alleged data breach at Oracle Cloud is threatening to release or sell the data, according to security researchers.
The threat actor, known as Rose87168, posted a threat Sunday to leak stolen data and claimed Oracle is no longer cooperating with the hacker’s demands, according to a LinkedIn post by Alon Gal, co-founder and CTO at Hudson Rock.
The threat actor previously took credit for the Oracle Cloud incident, claiming to have access to 6 million data records, affecting more than 140,000 tenants.
After initially denying that a breach took place, Oracle has largely remained quiet about the breach and declined to respond to a number of requests for comment on the incident. Meanwhile, security researchers have published increasing evidence backing up claims of the data breach.
Security researchers from CloudSEK published evidence last week that supported the threat actor’s claims of a breach. Researchers said they believed the hacker exploited a zero-day vulnerability or a misconfiguration in the OAuth2 authentication process.
The alleged breach was linked to a critical vulnerability, listed as CVE-2021-35587, a vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware. The vulnerability, which has a CVSS score of 9.8, allows an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.
The stolen data includes single sign-on credentials, Lightweight Directory Access Protocol passwords, OAuth2 keys and tenant data, according to CloudSEK.
CloudSEK researchers have been analyzing a sample provided by the hacker.
Researchers from Trustwave SpiderLabs released a blog post last week confirming the hacker is threatening to sell stolen data and offering multiple purchase options, according to company name, hashed credentials and other criteria.
“Based on our research and analysis, and that of other researchers, we feel that it is likely that this is a legitimate breach,” researchers from Trustwave told Cybersecurity Dive via email.







