Massive Oracle Hack Hits Over 100 Australian Firms
- A major hacking campaign has exploited a critical flaw in Oracle’s E-Business Suite, impacting what experts believe to be over 100 companies across Australia.
- The attack, linked to the notorious CL0P extortion group, involves a “zero-day” vulnerability, meaning the hackers struck before a patch was available.
- Attackers stole “mass amounts of customer data” in an operation that may have been active for months before being discovered.
- Oracle has since released an emergency patch, with cybersecurity agencies urging businesses to update their systems immediately to prevent further breaches.
A Sweeping Cyberattack Exposes Deep Cybersecurity Gaps
A sprawling, Oracle-linked hacking campaign has swept across Australia, leaving a trail of data breaches and exposing significant cybersecurity vulnerabilities in its wake. Security researchers say that well over 100 Australian firms have likely been compromised, with attackers making off with huge troves of sensitive corporate and customer data. The incident has sent shockwaves through the nation’s business community, highlighting the ever-present danger of unpatched software and the sophisticated tactics of modern cybercriminals.
The scale of the breach is still being uncovered, but the early signs are alarming. In a statement to Reuters, Google threat analyst Austin Larsen confirmed the wide scope of the attack. “We are aware of dozens of victims, but we expect there are many more,” he said. “Based on the scale of previous CL0P campaigns, it is likely there are over a hundred” companies impacted. The attackers specifically targeted Oracle’s E-Business Suite, a set of software tools used by countless corporations for managing critical operations, from finance to supply chain logistics. According to Google’s investigation, the hackers stole “mass amounts of customer data” in an operation that might have started as early as three months ago, running silently in the background.
How the Hackers Slipped Past Defenses
The attackers managed to bypass corporate defenses by exploiting a previously unknown “zero-day” vulnerability, a flaw that Oracle itself wasn’t aware of until it was too late. This critical flaw, now tracked as CVE-2025-61882, essentially gave hackers a key to the front door. According to Charles Carmakal, the CTO of Mandiant Consulting, this vulnerability allowed attackers to gain remote access and, in some cases, achieve a full takeover of the system. This gave them unfettered access to the sensitive information stored within.
The campaign appears to be the work of the CL0P extortion group, a known bad actor in the cybersecurity world. As detailed in a Google Cloud threat intelligence report, these actors have a history of exploiting high-impact vulnerabilities for financial gain. Jake Knott, a principal security researcher at watchTowr, told Cyber Daily that the group’s activity was spotted months ago. “Clop has been exploiting multiple vulnerabilities in Oracle EBS since at least August 2025, stealing large amounts of data from several victims,” he explained. The situation has become even more precarious because the exploit code, which was once complex, has now been leaked, lowering the barrier for less skilled hackers to launch their own attacks.
Chaos Among Cybercriminals
Adding another layer of chaos to the situation is a reported turf war between rival hacking groups. While the CL0P group initiated the extortion campaign after months of quiet intrusion, another group has entered the fray. A leaked data archive attributed to a group calling themselves “SCATTERED LAPSUS$ [RETARD-CL0P] HUNTERS” suggests infighting over control of the Oracle exploitation tools. This kind of conflict is a messy reminder that the cybercriminal underworld is not a monolith but a volatile ecosystem of competing interests, which can make predicting their next move incredibly difficult for defenders.
A Race to Patch a Critical Flaw
In response to the escalating crisis, Oracle scrambled to contain the damage. On October 4, the tech giant released an emergency patch for the CVE-2025-61882 vulnerability, issuing a stark warning that the flaw is “remotely exploitable without authentication”. This is cybersecurity speak for a worst-case scenario, as it means a hacker doesn’t need any credentials to break in. The company urged customers to apply the update immediately, a plea echoed by government agencies worldwide. Both the UK’s National Cyber Security Centre and Singapore’s Cyber Security Agency have put out urgent advisories, signaling the global severity of the threat.
The message from security experts is clear and direct. “If you run Oracle EBS, this is your red alert. Patch immediately, hunt aggressively, and tighten your controls – fast,” Knott warned, anticipating a new wave of opportunistic attacks from hackers using the leaked exploit. For businesses, this isn’t just about installing an update; it’s about actively searching for any signs that they’ve already been compromised. Companies in need of immediate assistance may turn to freelance cybersecurity experts on platforms like Fiverr to conduct urgent security audits.
Why Australia Was Left Exposed
The success of this campaign in Australia underscores a painful truth: many companies are running on outdated and unpatched systems. Google’s analysis pointed out that the attackers likely did their homework. “This level of investment suggests the threat actor(s) responsible for the initial intrusion likely dedicated significant resources to pre-attack research,” its report noted, hinting at pre-existing weaknesses in corporate defenses. This incident aligns perfectly with the trends identified in Australia’s 2024–25 Annual Cyber Threat Report, which highlighted a sharp increase in attacks targeting enterprise software. The Oracle breach is a textbook example of this trend, and it follows other major security events like the recent iiNet data breach that have rattled the country.
When reached for comment, Oracle did not respond, though it has previously acknowledged that its customers were being targeted in extortion attempts.
A Call for Vigilance as the Dust Settles
As the full impact of the campaign continues to be assessed, security experts are urging businesses to remain on high alert. The fact that the vulnerability may have been exploited for months means the attackers could still be lurking in compromised networks. “Given that exploitation in the wild may have occurred since August 2025, customers of affected Oracle E-Business Suite instances that are accessible via the internet should conduct suitable threat hunting to detect any potential malicious activity,” Rapid7 advised in a public statement. This involves a deep dive into system logs and network traffic to look for anything out of the ordinary, a task that can be supported by business intelligence tools like Databox that help monitor for unusual activity.
Mandiant is reportedly working with both Oracle and the victims to investigate and clean up the breaches. The incident serves as a stark wake-up call, reigniting urgent conversations about patch management, incident response, and corporate preparedness across Australia. As we see more and more AI-driven cyberattacks, the need for robust and proactive security has never been greater.