Google says ShinyHunters hackers targeting education sector via Oracle exploit
PeopleSoft is an enterprise resource planning suite used by organizations to manage core business functions including human resources, finance and supply-chain operations.
By Reuters |
Alphabet's cybersecurity unit Mandiant and Google Threat Intelligence Group said Thursday they had identified an active compromise and extortion campaign targeting Oracle's PeopleSoft enterprise software, which they attributed to the hacking group ShinyHunters.
The campaign took place between May 27 and June 9, Google said in a blog.
PeopleSoft is an enterprise resource planning suite used by organizations to manage core business functions including human resources, finance and supply-chain operations.
After becoming aware of active scanning and exploitation, Google said it notified more than 100 organizations whose IP addresses correlated with potentially vulnerable endpoints. Most were based in the U.S., and 68% were in the higher education sector.
Researchers found that the attackers hosted customized MeshCentral agents disguised as legitimate cloud endpoints, which were used to run administrative command queries.
As the activity occurred before Oracle issued a security advisory on June 10, the hackers were able to exploit the vulnerability as a "zero-day" flaw, meaning there was no patch available at the time of the attacks.
ShinyHunters is a hacking group with a history of targeting global companies for extortion. Last month, the group struck a deal with Instructure, the parent company of education tool Canvas, to secure stolen student and school data.
The campaign took place between May 27 and June 9, Google said in a blog.
PeopleSoft is an enterprise resource planning suite used by organizations to manage core business functions including human resources, finance and supply-chain operations.
After becoming aware of active scanning and exploitation, Google said it notified more than 100 organizations whose IP addresses correlated with potentially vulnerable endpoints. Most were based in the U.S., and 68% were in the higher education sector.
Researchers found that the attackers hosted customized MeshCentral agents disguised as legitimate cloud endpoints, which were used to run administrative command queries.
As the activity occurred before Oracle issued a security advisory on June 10, the hackers were able to exploit the vulnerability as a "zero-day" flaw, meaning there was no patch available at the time of the attacks.
ADVERTISEMENT
ShinyHunters is a hacking group with a history of targeting global companies for extortion. Last month, the group struck a deal with Instructure, the parent company of education tool Canvas, to secure stolen student and school data.
Download
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
Download
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
ADVERTISEMENT
