New Fear-Tor Campaign Targets Executives
Security firms Mandiant and Google are currently looking into a new fear-tor campaign that has begun targeting high-level executives across different companies. The campaign involves emails asserting that sensitive data has been stolen from Oracle E-Business Suite Systems.
As reported by BleepingComputer, this campaign, which started in late September, is under scrutiny by Mandiant and Google’s GTIG (Google Threat Intelligence Group). Genevieve Stark, director of GTIG’s Cybercrime and Information Operations Intelligence Analysis, mentioned that the investigation is still in its early phases, and the claims made by the group behind this initiative have yet to be substantiated.
Charles Carmakal, CTO at Google Cloud, explained that these concerning emails originate from numerous compromised email accounts, with at least one linked to FIN11, a financially-driven threat group infamous for its ransomware activities and extortion tactics.
The emails contain contact information tied to the CLOP ransomware gang’s data leak site, which hints at a possible connection to the fear-tor group. However, Karmakar noted that, while the methodologies align with previous tactics used by Clop, there’s not enough evidence to confirm if any data theft has actually occurred.
Following the BleepingComputer report, a representative from Clop supposedly communicated with the outlet. They asserted that they were implicated in the forced emails and claimed that a vulnerability in Oracle’s software was exploited during the attack. Nonetheless, the threat actors haven’t provided detailed insights regarding their supposedly malicious activities.
“At this point, we are not ready to discuss the details,” Clop informed BleepingComputer.
“It’s evident that Oracle has compromised its core products, and again, it’s up to Clop to rectify the situation. We simply expect to be compensated for the services we offer to safeguard numerous major businesses worldwide without causing harm to the system.”
Additionally, the US State Department is currently offering a reward of $10 million for information that connects CLOP ransomware activities to foreign governments.
