Google Cloud’s threat intelligence team (GTIG) said the attack unfolded between May 27 and June 9, before Oracle publicly acknowledged the issue. Google said it notified more than 100 organizations whose internet facing systems appeared potentially exposed, with 68% of identified targets belonging to the higher education sector.
“While several organizations successfully blocked the activity or remediated the vulnerabilities, others experienced compromise, resulting in stolen data being published on the ShinyHunters DLS (Data Leak Site).” GTIG said in a blog post.
Oracle did not immediately respond to CSO’s request for comments.
ShinyHunters, or groups trying to use their name, reportedly posted downloadable evidence of the attack on their DLS on June 9. The post claimed compromised data included “over 40 GB of billing and payment records, credit card and payment details, student finance data, and campus portal exports.”
