Reported cyber attacks on Cloud Oracle were worried about potential data exhibitions across the wide rage of organizations.
21st March, the company at the Cyber Security Cloudsek stated that 6 million records were threatened, with more than 140,000 Oracle Cloud tenants.
Cloudsek granted this incident to an actor marked as “Rose87168”, which allegedly obtained data via the Oracle Single ON (SSO) systems and light log directors (LDAP). The attack reported records for dirty online and allegedly requires payment from affected data to data removal companies.
Alleged scope and method of attack
According to Cloudsek’s findings, the attacker used an undiscovered vulnerability on Oracle Weblogic to get access to the end points of login across the regions associated with the Oracle Cloud. Exposed data are reported to include Java Keystore (JKS) files, encrypted passwords for SSO and LDAP systems, key files and keys of JPS.
The compromised endpoint is considered “Login. The attacker also created a profile on X (formally Twitter), it seemed that he was watching the accounts associated with Oracle and the affected shop, perhaps in an effort to press the victim.
The cloud lifted the thread like “high” due to his reported scale and sensitivity of the relevant data.
Reaction and recommendations of cloudsek
Cyber security has recommended that the use of Oracle Cloud to take fast measures such as resetting of credentials, starting forensic investigations, monitoring leaked data on a dark site, and using strict access controls.
Cloudsek also warned that if encrypted credits were successful, there could be far -reaching consequences such as unauthorized access, potential data leaks and risks for connected systems across supplier chains.
Oracle disputes demands on violation
Oracle denied that his cloud system was endangered. In a state Index“The company’s spokesman said:” There was no violation of the Oracle cloud. The published credentials are not for Cloud Oracle. No Oracle Cloud customers have experienced or lost any data. “
The company’s response was followed by an online actor’s threat that published samples of what was claiming that on the forums of cyber criminals, Oracle Cloud, includes screen images and text file uploaded to one of Oracle’s login servers. The file contained an e -mail address associated with the seller and was captured by a machine on the Internet archive.
While Oracle did not comment on, investigating third parts, included Bleephing Computer“Not that one of the affected servers was reported to the older version of Oracle Fusion Middleware as refcentively as February 2025. Scientists in the security area speculated that undamaged critical vulnerability-CVE-2021-35587 was not confirmed.
Nagoing ucretainyt around claims
The attacker, who seems to have no known history before this incident, also offered alleged data in exchange for zero or cryptocurrency. At the forum posts, they claimed that they would contact Oracle about a month earlier with more than $ 200 million in the cryptocurrency in return for details of the break.
They were also looking for help in decrypting SSO and LDAP login data, indicating that information, even if encrypted, could be usable with the right tools or cooperation.
In addition to data, the attacker shared a list of domain names associated with affected companies. Reportedly offered to remove employed information from specific organizations in exchange for payment.
What is known and what does not
This internship remains full of scope and authenticity of data exhibition under the vote. Oracle Mainters that its system has not been broken, while cloud continues to warn against serious risks bound to disseminated data. Whether this incident reflects a proven intrusion or overvalued claim is still excreted by a wider community of cyber security.
See also: Oracle’s 5bn $ UK Cloud Investment
Do you want to know more about cyber security and cloud from industry leaders? Check out Cyber Security & Cloud Expo in Amsterdam, California and London.
Explore other upcoming events and webinars with technology and webinars driven Techforge here.