Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware
Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware
02 October 2025
Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as Cl0p.
The malicious activity involves sending extortion emails to executives at various organizations and claiming to have stolen sensitive data from their Oracle E-Business Suite.
"This activity began on or