Google says hackers are sending extortion e-mails to executives


Alphabet’s Google said hackers are sending extortion e-mails to an unspecified number of executives, claiming to have stolen sensitive data from their Oracle business applications.

In a statement, Google said a group claiming affiliation with the ransomware gang cl0p was sending e-mails to “executives at numerous organisations claiming to have stolen sensitive data from their Oracle E-Business Suite”.

The group began sending extortion e-mails on or before Sept 29, according to Ms Genevieve Stark, head of cybercrime at Google Threat Intelligence Group. The e-mails were sent from hundreds of compromised third-party accounts and claim the theft of data, she said.

The Oracle product runs core business operations including financial, supply chain and customer relationship management.

The extortion e-mails include sloppy English and grammar, according to one person familiar with the matter, but are considered characteristic of the group. At least one of the e-mail addresses used on the extortion notes was previously used by an affiliate of cl0p, and the messages contain contact details that are listed on cl0p’s own website, Ms Stark said.

Google does not yet have sufficient evidence to verify the claims made in the extortion demands, she said. Other people familiar with the matter did not disclose the targets of the extortion letters or whether any of the victims had paid a ransom.

An Oracle spokesperson did not respond to a request for comment.

Cl0p is known for targeting large companies with sophisticated malware to lock files and make ransom demands for their deletion. In 2023, cl0p was accused of exploiting weaknesses in MOVEit, a file-transfer product used by companies and organisations to transmit sensitive data, and it claimed to have obtained data from hundreds of organisations.

Shell, IAG’s British Airways and the BBC were among the victims of that earlier attack. 

In June 2023, the US Cybersecurity and Infrastructure Security Agency issued an advisory about cl0p, stating it was “one of the largest phishing and malspam distributors worldwide”, estimating it to have compromised more than 3,000 organisations in the US and 8,000 a year. BLOOMBERG, REUTERS
