ACCORDING to SecurityWeek, Michelin has confirmed a data breach linked to the Oracle E-Business Suite (EBS) campaign, with the Cl0p ransomware and extortion group claiming credit for the attack. The incident involved exploitation of a zero-day in Oracle EBS, and the firm said the hackers accessed some files but only a small, localised volume of data was affected, with no sensitive or technical IT information compromised.
Michelin’s spokesperson stated that no ransomware was involved and there has been no impact on global systems, while emphasising that customer and partner data safety remains paramount. The cybercriminals have publicised more than 315GB of archives alleged to contain Michelin files, and SecurityWeek’s analysis suggests at least some of the data originates from an Oracle EBS environment.
Cl0p has listed more than 100 targeted organisations on its site, and researchers believe the operation was driven by a cluster of threat actors, most notably FIN11. Madison Square Garden also confirmed it was targeted in the Oracle EBS campaign, months after the hackers leaked over 210GB of files from the company.