The Cl0p website lists major organizations such as Logitech, The Washington Post, Cox Enterprises, Pan American Silver, LKQ Corporation, and Copeland.
November 10, 2025 By Eduard Kovacs
Cybercriminals have named nearly 30 organizations allegedly impacted by the recent campaign targeting customers of Oracle’s E-Business Suite (EBS) enterprise resource planning solutions.
The campaign, which involved extortion emails being sent to executives at dozens of organizations in late September, is believed to have been conducted by a cluster of a profit-driven threat actor tracked as FIN11.
The attacks were claimed by the Cl0p (aka Clop) ransomware group. Cl0p was previously linked by the cybersecurity community to FIN11 and the decision to use it as the public-facing entity for the campaign was likely motivated by its prior involvement in similar high-impact campaigns targeting customers of Cleo, MOVEit, and Fortra file transfer products.
Twenty-nine alleged victims of the Oracle EBS hack have been listed on the Cl0p leak website to date. The organizations that were the first to be named, such as Harvard University, South Africa’s Wits University, and American Airlines subsidiary Envoy Air, confirmed being impacted shortly after they were named by the attackers in mid-October.
Last week, The Washington Post also confirmed it had been successfully targeted in the campaign, but did not share any details, Reuters reported.
However, a majority of the other alleged victims have yet to confirm suffering a data breach.
